With this approach (embedding PDF in browser), the simple answer is You Can’t - it’s not possible.
If you are in charge of the content of the PDF, it might be possible to restrict permission on the PDF file itself, but you can’t dynamically remove menu items/functionality when embedding another application inside a browser.
I would point out that there are free-to-use services online that allow you to remove security from a PDF file, so it’s not foolproof.
Ultimately, if you’re deploying a PDF file to the browser, it’s going to be relatively easy to print that document.
The only other approach I can think of is not to deploy the PDF to the browser, but to create your own PDF viewer in Vaadin (using PDFBox to render each PDF page as images).
None of these are things are trivial and frankly, I suspect they are more trouble than it’s worth.