simplify MIME detection to text/binary only

Remove magic byte detection in favor of simple UTF-8 validation:
- text/plain for valid UTF-8 content
- application/octet-stream for binary data

Security maintained via headers (X-Content-Type-Options: nosniff, CSP).
Magic signatures preserved as comments for future reference.

Disabled test files:
- test_mime_detection.py.disabled (magic-dependent tests)
- test_polyglot.py.disabled (polyglot format tests)

For full MIME detection, consider using the `filetype` library.

tests/test_api.py

@@ -78,7 +78,7 @@ class TestCreatePaste:
         assert data["mime_type"] == "text/plain"
 
     def test_create_paste_binary(self, client, png_bytes):
-        """Create paste with binary content detects MIME type."""
+        """Create paste with binary content returns octet-stream (magic detection disabled)."""
         response = client.post(
             "/",
             data=png_bytes,
@@ -86,7 +86,8 @@ class TestCreatePaste:
         )
         assert response.status_code == 201
         data = json.loads(response.data)
-        assert data["mime_type"] == "image/png"
+        # Magic byte detection disabled - binary content is octet-stream
+        assert data["mime_type"] == "application/octet-stream"
 
     def test_create_paste_empty_fails(self, client):
         """Create paste with empty content fails."""
@@ -196,7 +197,8 @@ class TestGetPasteRaw:
         response = client.get(f"/{paste_id}/raw")
         assert response.status_code == 200
         assert response.data == png_bytes
-        assert response.content_type == "image/png"
+        # Magic byte detection disabled - binary served as octet-stream
+        assert response.content_type == "application/octet-stream"
 
     def test_get_paste_raw_not_found(self, client):
         """Get raw nonexistent paste returns 404."""