837b194224
uses common function PVE::Tools::download_file_from_url to download iso files. Only users with permissions `Sys.Audit` and `Sys.Modify` on `/` are permitted to perform this action. This restriction is due to the fact, that the download function is able to download files from internal networks (which are not visible/accessible from outside). Users with these permissions anyway have the means to alter node (network) config, so this does not create any further security risk. Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>