Description of problem:

Currently CephBackupDriver implements backup containers as ceph pools in backend Ceph cluster.
It uses backups pool by default but user can select any pools by setting the target container when creating a backup.
This results in unexpected situation where users create backups in any other pools like vms, volumes or etc, because we use the same credential which has access to all pools.
We should restrict available pools for cinder-backup to ensure that volume backups are created in dedicated ceph pools.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud with Ceph and cinder-backup

2. Create an empty volume
$ openstack volume create testbackup

3. Create a backup from the volume, with a target container
$ openstack volume backup create testbackup --container vms

Actual results:
The volume backup is created in vms pool, which should be dedicated for ephemeral disks

Expected results:
Cinder-backup fails (or rejects) to create the volume backup.

Additional info: