[SECURITY] Add password check for Public URL of published chatbots and agents.

[YuanfengZhang]

Self Checks

• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
• Please do not modify this template :) and fill in all the required fields.

1. Is this request related to a challenge you're experiencing? Tell me about your story.

While the development page is guarded by the administrator of workspace, the URLs of robots are not protected. If it's online, it will be surely prone to get abused or hacked. If it's embeded on a well-developed commerical website, it can be protected by the authorization systems of the website itself. However, in other cases, at least a password check with attempt limit for every IP address is necessary, to prevent abuse and other malicious behaviors.

2. Additional context or comments

There may be two approaches:

1. Extend the list of roles of members: Admin, Editor, Normal, User
   The "User" account cannot login the development page, but only permitted to login a specific public URL to use one published robots.
2. Create the ability to set an unique password for every robot when publishing.

3. Can you help us with this feature?

• I am interested in contributing to this feature.