Match shareable GOUI URLs only
We should be in control of which pages/parts of GOUI (Explorer, single dashboard, trace, etc.) are embeddable.
Currently the user can just embed any link to observe.gitlab.com and GOUI will be rendered.
The user could embed pages that might not be accessible by everyone, which would result in the user being redirected to the home page. Or the user might be able to access pages that are currently not enabled (like dashboards).
Note that we still want to support shortened URLs, which look like observe.gitlab.com/goto/SHORT_ID, so it might not be straightforward to whitelist/blacklist some URL patterns.
Some use cases that should be prevented:
- Embedding GOUI home page https://observe.gitlab.com/9970/?groupId=14485840
- Embedding Datasource page (if the user is not a maintainer, they will be redirected to the home page) https://observe.gitlab.com/9970/datasources?groupId=14485840
- Embedding Dashboards page (this page should currently be disabled for the user) https://observe.gitlab.com/9970/dashboards?groupId=14485840
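
One way to approach the check, as an added sketch that is not GitLab's own code: allowlist destination paths and treat a `/goto/SHORT_ID` link as embeddable only when its resolved target passes the same allowlist. The `/explore` path pattern and the `resolver` callable (standing in for a server-side short-link lookup) are assumptions, since the issue gives neither.

```ruby
require 'uri'

GOUI_HOST = 'observe.gitlab.com'
# Hypothetical allowlist: the issue names Explorer, single dashboards and traces
# as candidate views but gives no paths, so this pattern is an assumption.
EMBEDDABLE_PATHS = [%r{\A/\d+/explore\z}].freeze
SHORT_LINK = %r{\A/goto/[A-Za-z0-9_-]+\z} # observe.gitlab.com/goto/SHORT_ID

# Returns true only for GOUI URLs whose final destination is on the allowlist.
# resolver: callable mapping a short URL to its destination URL (or nil);
# a hypothetical stand-in for a server-side lookup of the short link.
def embeddable_goui_url?(url, resolver: nil, resolved: false)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTPS) && uri.host&.downcase == GOUI_HOST
  return false if uri.userinfo || uri.port != 443

  if SHORT_LINK.match?(uri.path)
    # A short link says nothing about its target, so fail closed unless it
    # can be resolved, and never follow a short link to another short link.
    return false if resolved || resolver.nil?

    target = resolver.call(url)
    return false if target.nil?

    return embeddable_goui_url?(target, resolver: resolver, resolved: true)
  end

  # Anchored match on the whole path: anything not listed is rejected.
  EMBEDDABLE_PATHS.any? { |pattern| pattern.match?(uri.path) }
rescue URI::InvalidURIError
  false
end
```

With this shape, the three URLs listed above are rejected because their paths are not on the allowlist, and a short link pointing at any of them is rejected for the same reason.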