Refactor the AdminOnly authorization policy to handle cases where a user profile is not found.
Instead of throwing a NotFoundException, it now throws a ForbiddenException, ensuring a more appropriate response for unauthorized access attempts.
Also introduces PolicyConstants for policy names.
Implement global exception handling to provide consistent error responses.
Registes custom exceptions with corresponding HTTP status codes and descriptions.
Relocates the endpoint for updating user admin status from the dedicated AdminController to the UserProfileController.
This consolidates user profile management under a single controller
and leverages existing authorization policies.
