In order to avoid string manipulation or modify route params (to make them unambiguous for `url_for`), we are accepting a behavior change:
When being redirected to the canonical path for a group, if you requested a group show path starting with `/groups/…` then you’ll now be redirected to the group at root `/…`.
Don’t replace a substring of the path if it is part of the top level route.
E.g. When redirecting from `/groups/ups` to `/groups/foo`, be careful not to do `/grofoo/ups`.
Projects are unaffected by this issue, but I am grouping the `#ensure_canonical_path` tests similar to the group and user tests.
Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.