Restrict certificates route to Grover middleware

Grover turns the html output of the certificates#show action into a PDF response, but we don't want to expose HTML format as a valid response.
So limit the route to Grover middleware requests.

Gemfile.lock

@@ -151,11 +151,10 @@ GEM
     cgi (0.4.1)
     childprocess (5.0.0)
     coderay (1.1.3)
-    concurrent-ruby (1.3.4)
-    concurrent-ruby (1.3.3)
     combine_pdf (1.0.26)
       matrix
       ruby-rc4 (>= 0.1.5)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     console1984 (0.2.1)
       irb (~> 1.13)

app/controllers/qualifications/certificates_controller.rb

@@ -31,6 +31,10 @@ def render_certificate?
         teacher.passed_induction?
       when :qts
         teacher.qts_awarded?
+      when :eyts
+        teacher.eyts_awarded?
+      when :npq
+        teacher.npq.present
       else
         qualification.awarded_at.present?
       end

app/views/qualifications/certificates/_npq.html.erb

@@ -0,0 +1,12 @@
+<img src="/qts-certificate.jpg" class="header-image" alt="Department for Education" />
+
+<div class="content">
+
+  <p class="text">This is to certify that: <strong><%= teacher.name %></strong></p>
+  <p>&#160;</p>
+  <p class="text">has been awarded the</p>
+  <p>&#160;</p>
+  <h2 class="heading"> <strong><%= qualification.name %></strong></h2>
+  <p>&#160;</p>
+  <p class="text">Any potential employer can independently confirm your teacher status online at:<br/>https://teacherservices.education.gov.uk</p>
+</div>

config/routes/aytq.rb

@@ -16,7 +16,9 @@
 
   resource :start, only: [:show]
 
-  resources :certificates, only: [:show]
+  resources :certificates, only: [:show],
+    constraints: ->(req) { req.env["Rack-Middleware-Grover"] == "true" }
+
   resource :identity_user, only: [:show]
   resource :one_login_user, only: [:show], path: "one-login-user" do
     resources :name_changes,