fix(middleware): Skip viewer context for static asset routes

Avoid accessing request.user for ANONYMOUS_STATIC_PREFIXES paths,
which would add Vary: Cookie and break HTTP caching for static assets.
This matches the pattern used by StaffMiddleware and SuperuserMiddleware.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: gricha

src/sentry/middleware/viewer_context.py

@@ -2,6 +2,7 @@
 
 from collections.abc import Callable
 
+from django.conf import settings
 from django.http.request import HttpRequest
 from django.http.response import HttpResponseBase
 
@@ -26,6 +27,12 @@ def ViewerContextMiddleware_impl(request: HttpRequest) -> HttpResponseBase:
         if not enabled:
             return get_response(request)
 
+        # This avoids touching user session, which means we avoid
+        # setting `Vary: Cookie` as a response header which will
+        # break HTTP caching entirely.
+        if request.path_info.startswith(settings.ANONYMOUS_STATIC_PREFIXES):
+            return get_response(request)
+
         ctx = _viewer_context_from_request(request)
         with viewer_context_scope(ctx):
             return get_response(request)