reintroduce (safe?) tempUrl for DLO
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Object Storage (swift) | New | Undecided | Unassigned | |
Bug Description
https:/
by introducing
> DISALLOWED_
in swift/common/
> To prevent discoverability attacks which can use any PUT tempurl to probe for private data by creating a DLO object manifest and then using the PUT tempurl to head the object which would 404 if the prefix does not match any object data or form a valid DLO HEAD response if it does.
I submit large files as chunks (segments) using form-post middleware + tempUrl and would like users to create the corresponding manifest after their chunks were uploaded, but this currently results in
> The header 'X-Object-Manifest' is not allowed in this tempurl
But there are (legitimate) uses for DLO through tempUrl.
Couldn't the tempUrl middleware allow `x-object-manifest` under some limited conditions?
One such conservative (but still useful) behavior would be to allow tempUrl DLO manifest creation if the segment's prefix is a controlled substring of the DLO, so that `foo/bar.bin` could be constructed from `foo/bar/*` segments.
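One possible reading of the rule proposed above, written out as a check. This is an added example, not part of the report and not Swift's code. The function names are hypothetical, and two details are assumptions: segments live in the same container as the manifest, and the only accepted prefix is the manifest's own path with its last extension replaced by `/`.

```python
import posixpath
from urllib.parse import unquote


def split_object_path(path):
    """Split /v1/<account>/<container>/<object> into its three names."""
    parts = path.split('/', 4)
    if len(parts) != 5 or parts[0] != '' or not all(parts[1:]):
        raise ValueError('not an object path')
    return parts[2], parts[3], parts[4]


def manifest_allowed(request_path, x_object_manifest):
    """Return True only if the X-Object-Manifest value is the single
    prefix derived from the path the tempurl was signed for.

    request_path      -- decoded path of the PUT, e.g. /v1/AUTH_x/foo/bar.bin
    x_object_manifest -- raw header value, '<container>/<prefix>', URL-encoded
    """
    try:
        _account, container, obj = split_object_path(request_path)
    except ValueError:
        return False  # account or container path: never a DLO manifest

    # Assumption: require an extension so the manifest name and the
    # segment prefix can never be the same string.
    stem, ext = posixpath.splitext(container + '/' + obj)
    if not ext:
        return False

    # Exact match on the decoded value. A shorter prefix (foo/), another
    # container, or a value without the trailing slash (which would also
    # match foo/barbaz) is refused, so the holder of the tempurl cannot
    # point the manifest at data outside <stem>/.
    return unquote(x_object_manifest) == stem + '/'
```

With this rule a PUT tempurl for `foo/bar.bin` can only produce a manifest over `foo/bar/*`, so a HEAD through it reveals nothing about other prefixes.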
summary:
- tempUrl for DLO
+ reintroduce (safe?) tempUrl for DLO