drive: use secret token to authenticate access to file server on localhost

This prevents Mark-of-the-Web bypass attacks in case someone visits the
localhost WebDAV server directly.

Fixes tailscale/corp#19592

Signed-off-by: Percy Wegmann <percy@tailscale.com>

drive/driveimpl/local_impl.go

@@ -77,7 +77,7 @@ func (s *FileSystemForLocal) SetRemotes(domain string, remotes []*drive.Remote,
 				Name:      remote.Name,
 				Available: remote.Available,
 			},
-			BaseURL:   remote.URL,
+			BaseURL:   func() (string, error) { return remote.URL, nil },
 			Transport: transport,
 		})
 	}