Asserting downloaded file content and more changes

[szymsza]

I added four changes:

1. I added resource files big-gradient.jpg for a large image file and short-text.txt for a short text file. I use these in the SOP PoCs and I assume files like this can be useful for different PoCs in general.
2. I enabled directory indexing of screenshots - navigating to /screenshots/ makes it possible to view all screenshots in the browser. Until now, I had to clumsily copy the files from the server to view them...
3. I added REPORT_LEAK command to the script which behaves as expected and makes interaction scripts slightly more readable
4. I added ASSERT_FILE_CONTAINS file content command which checks if the downloaded file contains the given content (as a substring) and continues the evaluation only if it does. Failing this assertion is still considered sane behaviour and the exact reason for failing is included as a query parameter in the bughog_sanity_check=OK report. I chose ASSERT_FILE_CONTAINS instead of, e.g., REPORT_LEAK_IF_FILE_CONTAINS so that the user has more freedom to choose what to do after checking the file content (e.g., download another file and report a leak only if both files contain some string).

[szymsza]

I added two new commands

• NEW_TAB url - opens the URL in a new tab instead of a new window (faster + reopening the browser can mess with state, e.g., cookies)
• OPEN_FILE filename - opens a downloaded file in the browser

[szymsza]

I added a small change to allow all request methods to hit custom Python endpoints - previously, only GET was supported by default.