Consider integrating or referencing GraphQL multipart spec

[mike-marcacci]

When it comes to sending large scalars over HTTP, @jaydenseric's graphql multipart spec is the de facto standard at this point, being supported by many languages and tools, including Apollo's ecosystem.

There is probably value to either integrating or referencing his spec here.

[wtrocki]

Worth noting that this spec is now widely adopted in popular GraphQL servers and became standard on its own. OData specification which is very close to the HTTP protocol have similar concepts for binary formats.

[dylanowen]

If we are looking at integrating graphql multipart spec into graphql over http I'd recommend we rework the implementation. The current spec is very specific to a JS Server Middleware and other languages have to work around these constraints when implementing it.

[glasser]

I would not recommend adding this to the spec, but if we do, it should only be done in a way that discourages users from accidentally exposing themselves to CSRF errors; naive usage of this multipart spec generally adds CSRF mutations to cookie-using servers that are otherwise protected against them. I'd recommend reading my proposed security addition to the multipart spec as part of considering this: jaydenseric/graphql-multipart-request-spec#64