Gap 2587/redirect to404when not allowed on a page

[a-lor-cab]

GAP-2587

Description

if a user was logged in, and tried to access any other subdomain not within his role capabilities, the user service was redirecting the user to its dashboard.
we now implemented logic to redirect the user to a 404/page based on the user role

Summary of the changes and the related issue. List any dependencies that are required for this change:
cabinetoffice/gap-user-service#202

Type of change

Please check the relevant options.

• Bug fix (non-breaking change which fixes an issue).
• New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).
• This change requires a documentation update.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes:

• Unit Test

• Integration Test (if applicable)

• End to End Test (if applicable)

Screenshots (if appropriate):

Please attach screenshots of the change if it is a UI change:

Checklist:

• If I have listed dependencies above, I have ensured that they are present in the target branch.
• I have performed a self-review of my code.
• I have commented my code in hard-to-understand areas.
• I have made corresponding changes to the documentation where applicable.
• I have ran cypress tests and they all pass locally.

[tco-olivergodby]

CAUTION! There is some kind of horrible regression in this repo - speak to Paul Lawlor, check the Automated Checks

Looks good to me - merge when ready

[jgunnCO]

hmm git has been doing some strange merges today - this line needs to be removed or we'll end up calling this middleware twice (it's also invoked after authenticateRequest in the calling middleware function below), which does not work as I discovered yesterday