Introduce a mechanism to not allow unauthorized users to requset streams of other users without others user being aware of it

[daniel-abramov]

It seems like currently, we don't really check if a user who connects to the SFU has the right to participate in the call. The assumption is that everyone in the room can connect to the call (which is fair), but we provide no information to the peers about other peers being subscribed to their streams.

There have been several solutions discussed within the VoIP team:

• Make waterfall to be an Application Service (currently it's a bot), allowing waterfall to observe messages in the room and making sure that only people who posted the state event to participate in a call can join the conference.
• Make SFU "smarter" (traditional SFU design in which SFU is in charge of a conference and informs all connected peers about publishers, and subscribers people entering/leaving a conference).

(add if there were that were discussed and that I forgot to add here)