I'm missing a lot of 3D formats, but I haven't seen those used much in Wordpress. Willing to entertain more file types as long as they can't be used to do sneaky stuff 
. I feel like .htaccess files can be very malicious (for redirects).
For SVGS, this post had some interesting info about SVGs + security in Wordpress: Enable SVG Support in WordPress. The best in class 'cleaner' for SVGs seems to be: GitHub - darylldoyle/svg-sanitizer: A PHP SVG/XML Sanitizer but I'm not sure it's the right move to integrate that here.