http_exceptions: insufficient permissions use 403 status code #178

Draft: DrPyser wants to merge 1 commit into master from 403-insufficient-permissions

@DrPyser (Contributor) commented May 5, 2026

NOTE: before merging this,

  • evaluate if we're okay exposing permission errors as 403 (already visible in response body)
  • evaluate impact on each impacted wazo service (minimally, create PR with Depends-On on this one to find what breaks in tests)

See wazo-confd wazo-platform/wazo-confd#565 for an example of impact and changes required.

Note

Low Risk
Low risk: changes only the HTTP status/message for insufficient-permission tokens and tightens unit test coverage; main risk is behavior change for clients that previously expected 401 in this case.

Overview
Updates MissingPermissionsTokenAPIException to respond with 403 Forbidden (and error_id='forbidden') rather than 401 Unauthorized when token validation fails due to missing permissions or invalid tenant.

Extends test_auth_verifier to assert the new 403 behavior for missing permissions and to explicitly assert 401 for invalid tokens, clarifying expected status codes per failure mode.

Reviewed by Cursor Bugbot for commit 5318d23. Bugbot is set up for automated code reviews on this repo.
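
An added illustration (not code from this PR or from the library) of the status split the overview describes, and of why clients that re-authenticate on 401 are affected: with 403, a permission or tenant failure is final instead of being retried. The token table, ACL names, `check_token`, `call_with_reauth` and the 401 `error_id` value are assumptions made for the example.

```python
# Added illustration; every name and value here is hypothetical/constructed.

# Constructed token store: token id -> (tenant, granted ACLs)
TOKENS = {
    "tok-admin": ("tenant-a", {"confd.users.read", "confd.users.delete"}),
    "tok-reader": ("tenant-a", {"confd.users.read"}),
}


class AuthError(Exception):
    def __init__(self, status, error_id):
        super().__init__(f"{status} {error_id}")
        self.status, self.error_id = status, error_id


def check_token(token, required_acl, tenant):
    """Return None when allowed; raise AuthError with the per-failure status."""
    entry = TOKENS.get(token)
    if entry is None:
        # Unknown or expired token: the caller is not authenticated.
        raise AuthError(401, "unauthorized")  # error_id value is an assumption
    token_tenant, acls = entry
    if tenant != token_tenant or required_acl not in acls:
        # Valid token, but wrong tenant or missing permission.
        raise AuthError(403, "forbidden")


def call_with_reauth(token, required_acl, tenant, reauth):
    """Client policy: a 401 earns one re-authentication, a 403 is final.

    Returns the list of status codes observed, in order.
    """
    statuses = []
    for _ in range(2):
        try:
            check_token(token, required_acl, tenant)
            statuses.append(200)
            return statuses
        except AuthError as exc:
            statuses.append(exc.status)
            if exc.status != 401:
                return statuses  # new credentials would not change a 403
            token = reauth()
    return statuses
```
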

@wazo-community-zuul (Contributor)

Build succeeded.
https://zuul.wazo.community/zuul/t/local/buildset/0030727fd19d462baf9d000e85040486

✔️ wazo-tox-py311 SUCCESS in 2m 39s
✔️ tox-linters SUCCESS in 2m 31s
✔️ wazo-tox-integration-py311 SUCCESS in 5m 46s
✔️ debian-packaging-bookworm SUCCESS in 2m 20s

@DrPyser removed the mergeit label May 5, 2026
@DrPyser marked this pull request as draft May 14, 2026 19:05