GNU less is a fancy pager. Set the env var LESSSECURE=1 to disable some features like running ! shell commands. See man less, security section.
Restricting the execution of programs based on rules, and blocking other things, is called an allowlist, a subset of execution prevention mitigations.
An application might be confined to a chroot or container with only the minimum set of software defined. However, this likely is not a good fit for your example of a log parsing program where it is not the only thing happening on the host.
A libre implementation of application blocking would be fapolicyd. Red Hat has taken it up, for example. In this case, you might have:
allow perm=execute uid=logviewer : path=/usr/bin/less
allow perm=execute uid=logviewer : path=/usr/bin/tail
allow perm=execute uid=logviewer : path=/usr/bin/cat
allow perm=execute uid=logviewer : path=/sbin/nologin
deny_audit perm=execute uid=logviewer : all
Or, SELinux exists as a different method for access control, which allows for custom policy.
Although a strict execution policy around this user may only matter to you if it is plausible that they can run other commands. With less secured, no credentials for the service account, and the allowed commands in the switch-user policy (sudo, polkit, doas), it is no longer trivial to run arbitrary commands.
There are ways to avoid needing a log viewer on the host. Consider centralized logging, with some application to parse and show log events.
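As an added example (not part of the answer above, and not from the less or fapolicyd projects), here is a small POSIX shell wrapper that combines the two ideas: it is meant to be the single command a service account such as logviewer is allowed to run via sudo/doas, it only opens regular files under the log directory (symlinks and ".." that escape it are refused), and it starts the pager with LESSSECURE=1 in a clean environment. The log directory (/var/log), the script name logview, and the LOGVIEW_* variables are assumptions for this example.

```shell
#!/bin/sh
# logview: restricted log viewer wrapper (example code, not the answer's own).
set -u

LOGVIEW_DIR="${LOGVIEW_DIR:-/var/log}"   # assumed log location
LOGVIEW_PAGER="${LOGVIEW_PAGER:-less}"   # pager; overridable for testing

# allowed_path FILE: print the canonical path if FILE is a regular file
# inside $LOGVIEW_DIR, otherwise print nothing and return 1.
allowed_path() {
    f=$1
    case $f in
        /*) ;;                      # absolute path used as given
        *)  f="$LOGVIEW_DIR/$f" ;;  # relative paths are taken under the log dir
    esac
    # readlink -f follows symlinks and resolves ".." before the check,
    # so a link inside the log dir pointing elsewhere is refused too.
    dir=$(readlink -f -- "$LOGVIEW_DIR" 2>/dev/null) || return 1
    real=$(readlink -f -- "$f" 2>/dev/null) || return 1
    [ -f "$real" ] || return 1
    case $real in
        "$dir"/*) printf '%s\n' "$real"; return 0 ;;
        *)        return 1 ;;
    esac
}

# view_log FILE...: open each allowed file with the pager in secure mode.
# Returns non-zero if any argument was refused.
view_log() {
    status=0
    pager=$(command -v -- "$LOGVIEW_PAGER") || return 1
    for arg in "$@"; do
        if p=$(allowed_path "$arg"); then
            # env -i drops LESSOPEN, LESS, EDITOR etc.; LESSSECURE=1 disables
            # !, |, e/v and related features of less (see man less, SECURITY).
            env -i LESSSECURE=1 PATH=/usr/bin:/bin TERM="${TERM:-dumb}" \
                "$pager" -- "$p" || status=$?
        else
            printf 'refused: %s\n' "$arg" >&2
            status=1
        fi
    done
    return $status
}

# Act on arguments only when run as the logview command (not when sourced).
case "${0##*/}" in
    logview|logview.sh) view_log "$@" ;;
esac
```

A matching sudoers or doas rule would then permit only this wrapper for the account, so the pager is never reachable without the secure-mode environment.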