SECURITY: only allow metrics on default db

SECURITY: only allow metrics on default db

metrics contain cross site data, only allow it on default database

diff --git a/lib/middleware/metrics.rb b/lib/middleware/metrics.rb
index 046aa75..7861f34 100644
--- a/lib/middleware/metrics.rb
+++ b/lib/middleware/metrics.rb
@@ -32,7 +32,8 @@ module DiscoursePrometheus
       host = RailsMultisite::ConnectionManagement.host(env)
       result = false
       RailsMultisite::ConnectionManagement.with_hostname(host) do
-        result = !!CurrentUser.lookup_from_env(env)&.admin
+        result = RailsMultisite::ConnectionManagement.current_db == "default"
+        result &&= !!CurrentUser.lookup_from_env(env)&.admin
       end
       result
     end

GitHub sha: 7d8bfcba