Modify `.htaccess` to allow backdrop to serve `.well-known` URIs

Description of the need

Fixes https://github.com/backdrop/backdrop-issues/issues/5583

I have recently started to use Backdrop, and as my first development task I ported my Security.txt module from Drupal to Backdrop. This module serves a two well-known URLs:

• /.well-known/security.txt
• /.well-known/security.txt.sig

This works with Drupal 7 & 9 as their .htaccess files do not deny access to files (and therefore Drupal paths) beginning with .well-known. However, Backdrop's .htaccess file (as of version 1.21.4) blocks all files (and therefore Backdrop paths) beginning with . without an exemption for those beginning with .well-known.

There are a number of standardized well-known URIs which it would be good to allow Backdrop to serve, indeed I have started work on a general module to do this. However, the current Backdrop .htaccess file prevents these modules from working without the user manually patching their .htaccess file or creating a .well-known directory in their document root.

Proposed solution

Modify the Backdrop .htaccess file.

I will submit a PR with my proposed change shortly.

Alternatives that have been considered

• Any module which wishes to serve a well-known URI should add a line to the "Status Report" informing the user that they must manually create a .well-known directory in their document root. This may not be easy or indeed possible depending on a user's technical expertise or hosting arrangements.

Draft of feature description for Press Release (1 paragraph at most)

If this issue is resolved and the two mentioned modules are approved then we could have something like:

• Backdrop now includes support for the Security.txt standard via the security.txt module.
• Backdrop now includes support for the change-password service via the well_known_uris module.