Adds check to ensure only known view paths can be passed

[desertaxle]

When loading collection view data from disk, we pass a user-provided string into a path without first checking the value. This PR adds a check to prevent inadvertent exposure of local files via the /collections/views/ route.

Should resolve https://github.com/PrefectHQ/prefect/security/code-scanning/2010

Example

Checklist

• [x] This pull request includes a label categorizing the change e.g. maintenance, fix, feature, enhancement, docs.
• [x] This pull request references any related issue by including "closes <link to issue>"
  • If no issue exists and your change is not a small fix, please create an issue first.
• [ ] If this pull request adds new functionality, it includes unit tests that cover the changes
• [ ] If this pull request removes docs files, it includes redirect settings in mint.json.
• [ ] If this pull request adds functions or classes, it includes helpful docstrings.