Commit graph

4 commits

Author SHA1 Message Date
e7b737a3dd Add error messages 2025-08-11 21:23:49 +02:00
9ec9139f69 Enhance AdminOnly authorization policy 2025-08-11 19:47:12 +02:00
Refactor the AdminOnly authorization policy to handle cases where a user profile is not found.
Instead of throwing a NotFoundException, it now throws a ForbiddenException, ensuring a more appropriate response for unauthorized access attempts.
Also introduces PolicyConstants for policy names.
1906d0de0d Remove explicit fail call in admin authorization 2025-08-11 18:18:31 +02:00
b59fef222f Implement admin-only authorization policy 2025-08-10 18:07:34 +02:00
Adds an authorization policy to restrict access to admin-only endpoints.
Creates an `AdminOnlyRequirement` and `AdminOnlyHandler` to check if a user has admin privileges.
Applies the "AdminOnly" policy to the AdminController to secure admin functionalities.
Modifies the endpoint for changing user admin status to include the user ID in the route.