Related:
#1444620: Remove file signing from configuration system
#1914018: hook_requirements() for un-proteced configuration directories
#1183044: Test whether htaccess protection works
Goal
- Decrease security checks and validations to a single point of failure.
Proposed solution
- Change the installer to expose a required setting for the private filesystem path.
- Store the private filesystem path in settings.php.
- Create config directories in the private filesystem path.