feat: restrict path on downloadToken cookies
fix: don't allow to use download token for Stored AIP because resId are bigger than conventional resId
fix: don't allow to use download token for Stored AIP because resId are bigger than conventional resId