rip out magic-based MIME type guessing

- Not much of a use-case for it
- Presents security issues WRT browser-executable file types

We should probably also include the `X-Content-Type-Options: nosniff` & `X-Frame-Options: DENY` headers for extra safety.
