When someone requests a file (e.g., video from the WP uploads file), the web server responds by sending the user that file. The web server doesn’t even need to ask the CMS what to do, because the requested URL is just a static asset.
What you’re looking for is called something like “private files” (or at least in Drupal it is). This article may point you in the right direction from a WP perspective: https://tech-tamer.com/how-to-keep-an-uploaded-file-private-in-wordpress/
Just remember that you can’t change the server config on Pantheon, so if a plugin asks you to add, e.g., a rewrite rule to .htaccess file, that won’t work.