I mean from a fully functional perspective, yes. What I’m proposing here is a hack, where you modify the API such that the response content includes presigned URLs, that you sign using custom controller logic, whilst also applying private to the ACL of any files when new content is created. It only really affects the Strapi editor if a user of the CMS attempts to access media via the editor.
Again it’s not ideal, but from a front-end user perspective, it provides the desired authentication control