I saw some of your engagements with Gatsby team on Twitter. Let me repost their suggestions here so that also others can benefit:
Knowledge from Gatsby team:
Unless you control the hosting environment and can authorize access to files, you can’t protect built files. Another option is to not build those pages but instead push the queried data to a database w/ API that you can queried from authenticated clients.
The easiest way is to put the authenticated page data behind an API and load them from the client when user has authenticated.
Also this blogpost from us:
How to Secure GatsbyJS Sites with Auth0 for Authentication (static sites)