Remove mime_type from asset update API

Clients can no longer modify mime_type after asset creation via the
PUT /api/assets/{id} endpoint. This reduces the risk of mime_type
spoofing. The internal update_asset_hash_and_mime function remains
available for server-side use (e.g., enrichment).

Amp-Thread-ID: https://ampcode.com/threads/T-019cef5d-8d61-75cc-a1c6-2841ac395648
Co-authored-by: Amp <amp@ampcode.com>

app/assets/api/routes.py

@@ -494,7 +494,6 @@ async def update_asset_route(request: web.Request) -> web.Response:
             name=body.name,
             user_metadata=body.user_metadata,
             owner_id=USER_MANAGER.get_request_user_id(request),
-            mime_type=body.mime_type,
             preview_id=body.preview_id,
         )
         payload = _build_asset_response(result)

app/assets/api/schemas_in.py

@@ -100,17 +100,16 @@ class ListAssetsQuery(BaseModel):
 class UpdateAssetBody(BaseModel):
     name: str | None = None
     user_metadata: dict[str, Any] | None = None
-    mime_type: str | None = None
     preview_id: str | None = None  # references an asset_reference id, not an asset id
 
     @model_validator(mode="after")
     def _validate_at_least_one_field(self):
         if all(
             v is None
-            for v in (self.name, self.user_metadata, self.mime_type, self.preview_id)
+            for v in (self.name, self.user_metadata, self.preview_id)
         ):
             raise ValueError(
-                "Provide at least one of: name, user_metadata, mime_type, preview_id."
+                "Provide at least one of: name, user_metadata, preview_id."
             )
         return self