While it may appear to be beneficial to attach a file to an email notification, the net result is to increase enterprise storage requirements (file will be stored at least 3 times for a single notice) and the file could then be sent vial forwarding in an uncontrolled manner, possibly compromising security. A much better approach to this problem is to send a doc/web link with the notification email so that the attachment is stored once for all who receive notices, and document security determines who gets to see the file.
If you abosolutely must (I can conceive of why you would want to do this) go down this path, you can give the user a button to perform the attachment (instead of just allowing them to plunk in a file into a visible rich text field) so that you programmatically generate a richtextitem that you can then append via script in the background to the notification email. This also has the benefit of controlling the downloading of the attachment via button visibility after the parent form is saved. This schema can also be used to store attachments in separate documents so that just a list of the docs appears on the form; this allows all kinds of neat security controls over who gets to see/download which files from the form.