[BeefWellington]

   Furthermore, it was INTENDED BY DESIGN to load all JS/CSS from CDN, because ultimately it improves the user-experience, and makes it plausible to make an app like this wrapped into a single index.php file.

I get the rest of the points you're making but I think the flak you're getting is largely about what you consider the "user" here. You're responding from the point of view of the person I am sharing my photos with, whereas most of the respondents are responding from the point of view of the me, the guy who is gonna actually use this app. There's a mid-sized vocal crowd of self-hosters here on HN and from my own observation a tendency to prefer control over these sorts of things.

   Does anyone have any examples of any other single-file app with a comprehensive interface like Files app that is entirely self-contained?

Your app is, as you noted, not single-file. Setting that aside though, the density of the interface is kind of irrelevant to where the CSS and JS are hosted. There's loads of on-premise enterprise apps that do not load data from CDNs and have much more convoluted user interfaces. Plus they work on an otherwise disconnected network, do not subject users to potential tracking, etc.

I would also warn you, having seen this happen to a friend's project, the absence of any robust license text inside the package and/or spelled out on the website is going to give you some headaches. For example, does "use" of the app include customization? What type of customization is possible and accepted? If you allow some customization, you'd need to be careful to spell out explicitly that people can't just edit the PHP and remove the nag, etc.

One other thing to note: The application is very vulnerable to Cross-Site Scripting.