fix: optionally return HTTP 403 instead of 401 when unauthorized

[dpgaspar]

Description

Adds a temporary flag named AUTH_STRICT_RESPONSE_CODES that enables strict (correct) authorization HTTP responses, instead of 401 sends 403 when a user is not authorized to make a request to an endpoint.

ADDITIONAL INFORMATION

• Has associated issue:
• Is CRUD MVC related.
• Is Auth, RBAC security related.
• Changes the security db schema.
• Introduces new feature
• Removes existing feature

[codecov]

Codecov Report

Merging #1748 (de69ddd) into master (e09e629) will increase coverage by 0.02%.
The diff coverage is 90.00%.

@@            Coverage Diff             @@
##           master    #1748      +/-   ##
==========================================
+ Coverage   76.76%   76.78%   +0.01%     
==========================================
  Files          56       56              
  Lines        8124     8131       +7     
==========================================
+ Hits         6236     6243       +7     
  Misses       1888     1888              

Flag	Coverage Δ
python	76.78% <90.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
flask_appbuilder/security/decorators.py	88.23% <90.00%> (-0.23%)	⬇️
flask_appbuilder/api/__init__.py	97.79% <0.00%> (+0.14%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e09e629...de69ddd. Read the comment docs.