Secure expense receipts by wiring Media Library to FileDisk

Spatie Media Library now uses the default FileDisk (local_private) for
new uploads instead of the public disk. Expense receipts are no longer
directly web-accessible.

- AppServiceProvider configures media-library disk from FileDisk on boot
- Change media-library fallback from 'public' to 'local'
- Expense receipt URL accessor returns authenticated route instead of
  direct file URL
- Add registerMediaCollections() to Expense model
- Prevent deleting FileDisk that contains files or is a system disk
- Add media:secure command to migrate existing receipts to private disk

Fixes #187

app/Http/Controllers/Admin/Settings/DiskController.php

@@ -11,6 +11,7 @@ use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
+use Illuminate\Support\Facades\DB;
 
 class DiskController extends Controller
 {
@@ -158,8 +159,23 @@ class DiskController extends Controller
     {
         $this->authorize('manage file disk');
 
-        if ($disk->setAsDefault() && $disk->type === 'SYSTEM') {
-            return respondJson('not_allowed', 'Not Allowed');
+        if ($disk->type === 'SYSTEM') {
+            return respondJson('not_allowed', 'System disks cannot be deleted.');
+        }
+
+        if ($disk->setAsDefault()) {
+            return respondJson('not_allowed', 'The default disk cannot be deleted.');
+        }
+
+        $prefix = env('DYNAMIC_DISK_PREFIX', 'temp_');
+        $diskName = $prefix.$disk->driver;
+        $mediaCount = DB::table('media')
+            ->where('disk', $diskName)
+            ->orWhere('disk', $disk->driver)
+            ->count();
+
+        if ($mediaCount > 0) {
+            return respondJson('disk_has_files', 'Cannot delete this disk — it contains '.$mediaCount.' file(s). Migrate files first.');
         }
 
         $disk->delete();