Browser cache life is too short and restricted

[steverep]

The problem

The term "critical asset" here would mean that the page would either break or not make sense if a stale copy were served, which I don't think is the case for any uses of these brand images. With that in mind:

1. A browser cache life of 15 minutes for non-critical and largely static images is much too short. This forces a lot of unnecessary revalidations over the net which reduces performance. Since they are heavily used in the frontend, it also means that HA cannot survive even a small internet outage. This should be more like a week or even a month.
2. It does not make sense to have s-maxage > max-age. Right now, the server is saying Cloudflare can consider a copy fresh for a week, but the browser should stop treating it as fresh after only the first 15 minutes of that, forcing a revalidation nearly every load. This scenario only makes sense as a technique for reducing origin server load on critical assets that rarely change (because the proxy can be purged when needed). Instead, here it makes sense that s-maxage <= max-age, so Cloudflare picks up changes faster without browsers losing their cache benefits (essentially getting changes to users faster).
3. The must-revalidate directive is also too strict here as again the images are not critical. At the end of max-age, browsers should be free to serve stale copies as they see fit in case of an outage. The stale-while-revalidate strategy can also be used here instead for browsers that support it.

Additional information

Equivalent frontend issue is home-assistant/frontend#17560. However, that can only be addressed via the service worker, which does not apply to legacy browsers or access without https.