Stop serving group domain files when they are shadowed by a project in that group

As discussed in !94 (merged)

Given a -pages-root like this:

group/
  group.example.io/
    public/
      project/
        foo.html
      index.html
  project/
    public/
      index.html

A request to https://group.example.io/project/index.html is served from the project/ subdirectory. However, https://group.example.io/project/foo.html also works, and returns the file from the group.example.io subdirectory.

We still want https://group.example.io/index.html to work, but we want to stop serving foo.html in this way, as it greatly complicates access control logic.