Downloads::File: fix SSRF inside is_cloudflare? (#2498).

Fixes the banned IP check not being applied when sending the HEAD
request for is_cloudflare?.

Also fixes the `#size` method not using the uncached url (which meant
the bookmarklet could report the wrong filesize on artstation uploads).

test/unit/downloads/art_station_test.rb

@@ -34,6 +34,10 @@ module Downloads
       should "return the original file, not the polished file" do
         assert_downloaded(517_706, @asset) # polished size: 502_052
       end
+
+      should "return the original filesize, not the polished filesize" do
+        assert_equal(517_706, Downloads::File.new(@asset).size)
+      end
     end
 
     context "a download for a https://$artist.artstation.com/projects/$id page" do