app-platform
fix: check authorities in app adapter [LIBS-370]
Address LIBS-370
Includes the fixes for LIBS-356 and LIBS-357 (which were split off from here and merged in separate PRs)
Checks authorization on the client side by using an AuthBoundary component to check correct authorities and block the app if necessary. This is needed because some deployment environments don't return a 403 'Forbidden' response (like standalone deployments and Netlify, it seems).
Todo:
- [x] Get correct app name (and maybe format) for auth checks from CLI and add to app env
- [x] Add UI for "Forbidden" screen instead of just hitting the error boundary
- [x] Clean up useVerifyLatestUser
UI Draft, updated:
You can test the boundary by logging in as a guest user (user guest, pass Guest123), which shouldn't have access to all apps -- also see the 'production env' test above that you can comment out to test it in a dev environment locally.
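The decision a client-side boundary like the one described above has to make when the host answers 200 to everyone, as an added example that is not the PR's AuthBoundary code. The function names, the payload shape and the authority strings are assumptions; the check fails closed and only gates the UI, while API access is still decided by the server.

```javascript
// Added example: names are hypothetical, not app-platform's API.
const Access = Object.freeze({
    ALLOWED: 'allowed',
    FORBIDDEN: 'forbidden',
    UNKNOWN: 'unknown', // could not decide: treated as blocked
})

// Returns a Set of authority strings, or null if the payload is malformed.
function readAuthorities(user) {
    if (!user || !Array.isArray(user.authorities)) return null
    if (!user.authorities.every((a) => typeof a === 'string')) return null
    return new Set(user.authorities)
}

// httpStatus: status the host returned for the app (assumed input).
// user: current-user payload with an `authorities` array (assumed shape).
// requiredAuthority: authority string for this app, supplied at build time.
function decideAccess({ httpStatus, user, requiredAuthority }) {
    // A host that does enforce access answers 401/403: honour it.
    if (httpStatus === 401 || httpStatus === 403) return Access.FORBIDDEN
    // Missing build-time value: never default to "allowed".
    if (typeof requiredAuthority !== 'string' || requiredAuthority === '') {
        return Access.UNKNOWN
    }
    const held = readAuthorities(user)
    if (held === null) return Access.UNKNOWN
    // Exact match only: a substring test would accept
    // "EXAMPLE_APP_ADMIN_READONLY" for "EXAMPLE_APP_ADMIN".
    return held.has(requiredAuthority) ? Access.ALLOWED : Access.FORBIDDEN
}

// The boundary renders the app only on a positive decision.
function shouldRenderApp(decision) {
    return decision === Access.ALLOWED
}

// Constructed sample data: a static host returns 200 to everyone.
const guest = { authorities: ['EXAMPLE_OTHER_APP'] }
const editor = { authorities: ['EXAMPLE_OTHER_APP', 'EXAMPLE_APP_ADMIN'] }
const required = 'EXAMPLE_APP_ADMIN'

for (const user of [guest, editor]) {
    const decision = decideAccess({ httpStatus: 200, user, requiredAuthority: required })
    console.log(decision, shouldRenderApp(decision))
}
```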
@KaiVandivier there is quite a bit of overlap here with #754 by the way
@amcgee I noticed that -- I refactored the app wrapper in my latest commit to work well with the changes that you have here: https://github.com/dhis2/app-platform/pull/754/files#diff-58fcbeed2ec3103f3d186cb172bf2da570e316e008fb614240d6aa0f72df7574
Taking a closer look now though
Also added handling for server versions < 35, as in https://github.com/dhis2/app-platform/blob/fix/pwa-handle-navigations/cli/src/lib/constructAppUrl.js#L8
Drafted while this is on the back-burner
I think concerns have been addressed and this is ready for rereview @amcgee