exclude images and static media from dev origin check (#77417)
Excludes `/_next/image` and `/_next/static/media` as they don't contain sensitive information and prevents complications loading them in cases where they are inlined in CSS, as they'll be requested with `sec-fetch-mode: no-cors`.
x-ref: https://github.com/vercel/next.js/issues/77344
