Strip trailing periods

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: jlklos

app/api/v2/handlers/payload_api.py

@@ -19,7 +19,10 @@
 
 def _validate_payload_extension(filename: str) -> None:
     """Raise HTTPBadRequest if the file extension is on the server-side executable blocklist."""
-    ext = os.path.splitext(filename)[1].lower()
+    # Normalize the filename so the extension check reflects how it will be stored
+    # on filesystems like Windows that ignore trailing dots and spaces.
+    normalized = filename.rstrip(". ")
+    ext = os.path.splitext(normalized)[1].lower()
     if ext in _BLOCKED_EXTENSIONS:
         raise web.HTTPBadRequest(reason=f"File type {ext!r} is not allowed as a payload")