feat(static): add proper HEAD support and method filtering

[alexchenai]

Summary

Fixes #2337.

• HEAD support: Static routes now handle HEAD requests by returning all relevant headers (Content-Type, Content-Length, ETag, Last-Modified, Accept-Ranges) without opening a file stream for the response body. This avoids unnecessary file I/O for HEAD requests.
• Method filtering: Unsupported HTTP methods (POST, PUT, PATCH, DELETE) now receive a 405 Method Not Allowed response with a proper Allow header.
• OPTIONS fix: The Allow header in OPTIONS responses now correctly lists all supported methods (GET, HEAD, OPTIONS) instead of just GET.

Changes

• falcon/routing/static.py: Added _ALLOWED_METHODS class variable, method validation at the top of __call__, HEAD-specific handling that sets headers and closes the file without streaming, and updated OPTIONS to advertise all allowed methods.
• tests/test_static.py: Added tests for HEAD requests (normal + 304 Not Modified), 405 Method Not Allowed for unsupported methods, and OPTIONS returning all allowed methods.
• docs/_newsfragments/2337.newandimproved.rst: Towncrier changelog fragment.

Test plan

• HEAD request returns correct headers with empty body
• HEAD request respects conditional headers (If-None-Match returns 304)
• POST/PUT/PATCH/DELETE return 405 with correct Allow header
• OPTIONS returns Allow header listing GET, HEAD, OPTIONS
• Verify existing static route tests still pass (CI)

Pull Request Checklist

This is just a reminder about the most common mistakes. Please make sure that you tick all appropriate boxes. Reading our contribution guide at least once will save you a few review cycles!

If an item doesn't apply to your pull request, check it anyway to make it apparent that there's nothing to do.

• Applied changes to both WSGI and ASGI code paths and interfaces (where applicable).
• Added tests for changed code.
• Performed automated tests and code quality checks by running tox.
• Prefixed code comments with GitHub nick and an appropriate prefix.
• Coding style is consistent with the rest of the framework.
• Updated documentation for changed code.
  • Added docstrings for any new classes, functions, or modules.
  • Updated docstrings for any modifications to existing code.
  • Updated both WSGI and ASGI docs (where applicable).
  • Added references to new classes, functions, or modules to the relevant RST file under docs/.
  • Updated all relevant supporting documentation files under docs/.
  • A copyright notice is included at the top of any new modules (using your own name or the name of your organization).
  • Changed/added classes/methods/functions have appropriate versionadded, versionchanged, or deprecated directives.
• Changes (and possible deprecations) have towncrier news fragments under docs/_newsfragments/, with the file name format {issue_number}.{fragment_type}.rst. (Run tox -e towncrier, and inspect docs/_build/html/changes/ in the browser to ensure it renders correctly.)
• LLM output, if any, has been carefully reviewed and tested by a human developer. (See also: Use of LLMs ("AI").)

If you have any questions to any of the points above, just submit and ask! This checklist is here to help you, not to deter you from contributing!

PR template inspired by the attrs project.

[vytas7]

Hello @alexchenai, and thanks for this PR!

Why did you remove the PR template? We don't strictly require that if you know what you're doing, but in this case it would have been helpful.

I have resurrected it below your AI-generated summary, please go through the steps carefully.