Add content_type_allowlist example to uploader template

Adds a commented example of `content_type_allowlist` (/image\//) to the
generated uploader.  It mirrors the existing `extension_allowlist`
comment and helps users mitigate content-type spoofing attacks.

Author: coloradosazulyanaranjados

lib/generators/templates/uploader.rb.erb

@@ -40,6 +40,14 @@ class <%= class_name %>Uploader < CarrierWave::Uploader::Base
   #   %w(jpg jpeg gif png)
   # end
 
+  # Add a content_type_allowlist to restrict uploads by MIME type.
+  # Without it, a user could upload a harmful file
+  # with a safe extension (content-type spoofing).
+  # For the previous extension_allowlist you might use something like this:
+  # def content_type_allowlist
+  #   /image\//
+  # end
+
   # Override the filename of the uploaded files:
   # Avoid using model.id or version_name here, see uploader/store.rb for details.
   # def filename