FIX: Preserve media extensions for uploaded attack messages

[biefan]

Summary

• Fix attack-message media persistence so uploaded image/audio/video payloads do not fall back to .bin when the request omits the separate mime_type field.
• Infer the extension from a data URI header such as data:image/png;base64,... before falling back to the message data_type.
• Add data_type defaults aligned with converter preview behavior (image_path -> .png, audio_path -> .wav, video_path -> .mp4, binary_path -> .bin).
• Add regression coverage for data URI image uploads and raw image base64 uploads without MIME metadata.

Why

The media endpoint only serves allowlisted media extensions. Before this change, an uploaded image message that provided the MIME in the data URI but left mime_type unset was persisted with a .bin extension. That made the stored media path unusable through /api/media, so clients could fail to preview or download a valid uploaded image.

Tests

• uv run -m pytest tests/unit/backend/test_attack_service.py -q
• uv run -m pytest tests/unit/backend -q
• uv run -m ty check pyrit/backend/services/attack_service.py tests/unit/backend/test_attack_service.py
• uv run pre-commit run --files pyrit/backend/services/attack_service.py tests/unit/backend/test_attack_service.py