Draft: Whitelist "/static" as a path to not require login
The static assets should not require login; So adds those to the whitelist as well.
While there refactor the code somehwat to make it simpler to read and extend, rather then copy-pasting the is_relative_to reimplementation
Signed-off-by: Sjoerd Simons sjoerd@collabora.com