Add VIP key authentication support to embed pages

[Copilot]

Embed pages previously only supported Referer-based whitelist authentication, preventing private embedding via VIP keys despite backend support.

Changes

• Added query parameter capture in embed.rs using use_query_map() to access URL query params
• Modified API request construction to conditionally append ?key={vip_key} to the project endpoint when present
• Aligned with view page pattern for consistent VIP authentication behavior across both contexts

Implementation

// embed.rs now supports VIP key authentication
let query_params = use_query_map();

let project_data = create_resource(
    move || (started.get(), username(), slug()), 
    move |(is_started, u, s)| async move {
        let key = query_params.get_untracked().get("key").cloned().unwrap_or_default();
        let url = if key.is_empty() {
            format!("{}/api/project/{}/{}", api_base(), u, s)
        } else {
            format!("{}/api/project/{}/{}?key={}", api_base(), u, s, key)
        };
        // ... rest of request handling
    }
);

Embed URLs like /embed/{username}/{slug}?key={vip_key} now bypass the Guest List check when the key matches the stored embed_key, enabling private embedding scenarios.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.