Draft: Whitelist "/static" as a path to not require login

The static assets should not require login; So adds those to the whitelist as well.

While there refactor the code somehwat to make it simpler to read and extend, rather then copy-pasting the is_relative_to reimplementation

Signed-off-by: Sjoerd Simons sjoerd@collabora.com