See how it is done in one of the largest and oldest digital goods stores - plati.ru. There, when buying a file, a link is given that a person sees in his personal account after logging in. The link works only for the current user and it will not work if it is transferred to a third party. The main thing is that your link to the product works only for the current logged in user. And it doesn't have to be temporary.

I like the idea of ​​​​a personal account (LK) more. All resources purchased by the user should always be available to him through the personal account. The user enters the personal account, it checks which resources are purchased from him, and when you click on the Download button, the corresponding files are given to the user.
If you really want to give out links, but there is no personal account (for example, a user sends a paid SMS, and a link is sent back to him), then you need to insert a key inside each link. This key is created for a specific resource and is valid for, say, a week or 2 days (here you have to think about it).
I want to say that nothing prevents the user from uploading the file you downloaded to any file hosting service and distributing a public link to everyone, so you shouldn’t bother much here (make links that only last 10 minutes or allow only one download).

Zip it up and email it =))))

You can write down the keys that are passed in the link, store them in the database, when you follow the link, it is checked if you have access to this key, if so, for which product.
If everything is OK, you give the file to the client with a script, and the file itself can lie anywhere, you can transfer it with a script even with ftp. Only in this case, you need to use a lightweight web server, otherwise, with a large number of simultaneous downloads, it will be tight.
If you develop the option indicated by yaksa , you can not copy the file, but make symlinks to the original file with a unique address for each user, delete the symlink when it expires.

> 1) Where is the best place to store the materials themselves? FTP server, file hosting?
On any server running nginx with a wide channel. There is no need to set restrictions such as downloading only in 1 stream or restrictions on the download speed - you have a store, not a free rapidshare. Think not how to make it easier for you, but how it is more convenient for the client.
> 2) How to form a link that is unique for each buyer, but constant with respect to the resource?
Add something like key/session_id to the link, and in nginx use an external script call to check the key and account. For example, storage.example.org/key-123456789/History of Roman law in 3 volumes, v.1, Ivanov A.A.pdf
Key can be tied to the login, the first 3 digits of IP and time.
If the key is incorrect, do not display incomprehensible HTTP 403 errors, but return to your personal account to the error page and display a phone number that you can call in case of download problems.
The file must have a normal human-readable name, not an md5 hash.
> 3) What protection mechanisms should be used to prevent this link from being shared? Lifetime, IP binding, SMS confirmations?
See answer 2
> 4) How can I secure the materials I sell in storage? Use permissions?
See answer 2

The client receives a temporary link to the site in his store account. Let's say the product "weighs" 5 megabytes. Therefore, you can download it quickly. We give the lifetime of the link - 60 minutes (what if he has a dial-up?). You can set a cookie for the user when he requests a link. Check it when accessing a file via a link so that no one but this person can download the file. Store on your server. When generating a link, copy the file to a temporary directory. Psoe expiration of the lifetime of the link file is killed.
This is a go option. If you think about it, you can invent something else.