External services: configure access control

[slemonide]

It should be possible to specify if external services can only be available to logged in users, or to anyone on the internet.

Note: second case is a potential security vulnerability. Need to configure network properly (make it impossible for external service to sniff packets from other containers).

For logged in users, it should then be possible to specify who can access it. I.e. only users who are in that project. Or all users.

[slemonide]

Possible implementation: add another chip-proxy as a service, and then route all dashboards through it. Do this instead of toying with jupyterhub's proxy directly.