
Commit fb505f8

devGregA and claude committed
test(authorization): rewrite tests for legacy semantics

The pre-Track-B tests asserted RBAC role hierarchy (Reader can view but not edit, Maintainer can manage members, etc.). The legacy rewrite collapses every per-product distinction to single-bit membership in authorized_users, so 73 of 121 authorization tests broke after the upstream merge.

Changes:

* Replace test_authorization.py with a legacy-faithful suite that exercises authorized_users, the Product_Type → Product → Engagement → Test → Finding membership chain, is_staff/is_superuser bypass, Action.SuperuserOnly / Delete / StaffOnly gates, the Permissions / Action / string input shapes, and the inert role-helper stubs.
* Update test_authorization_tags.py: the template filter is now a pass-through (no Permissions[name] lookup), so unknown permission strings fall through to permission_to_action() defaults instead of raising KeyError.
* Augment test_authorization_queries.py fixture to populate authorized_users for the directly-named users (so legacy queryset filters return the same set as the RBAC fixture), and flip assertions for users whose access path doesn't translate (Global_Role(Reader), Product_Group, Product_Type_Group) — those now correctly return empty querysets under legacy.
* Fix _get_authorized_endpoints / _get_authorized_endpoint_status to accept the user= kwarg the dispatcher passes (was raising TypeError on every endpoint API call from a non-superuser).

All 116 authorization tests pass (was 39/121).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent d3789c0 commit fb505f8

4 files changed

Lines changed: 355 additions & 635 deletions

dojo/authorization/query_registrations.py

Lines changed: 4 additions & 4 deletions
@@ -376,16 +376,16 @@ def _get_authorized_location_product_reference(permission, queryset=None, user=N
376376
# ---------------------------------------------------------------------------
377377

378378

379-
def _get_authorized_endpoints(permission):
380-
return _filter_by_authorized_products(Endpoint.objects.all(), "product", permission)
379+
def _get_authorized_endpoints(permission, user=None):
380+
return _filter_by_authorized_products(Endpoint.objects.all(), "product", permission, user=user)
381381

382382

383383
register_auth_filter("endpoint.get_authorized_endpoints", _get_authorized_endpoints)
384384

385385

386-
def _get_authorized_endpoint_status(permission):
386+
def _get_authorized_endpoint_status(permission, user=None):
387387
return _filter_by_authorized_products(
388-
Endpoint_Status.objects.all(), "endpoint__product", permission,
388+
Endpoint_Status.objects.all(), "endpoint__product", permission, user=user,
389389
)
390390

391391

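Review bot: the new `(permission, user=None)` signatures on `_get_authorized_endpoints` and `_get_authorized_endpoint_status` still differ from the sibling `_get_authorized_location_product_reference(permission, queryset=None, user=N...)` visible in the hunk header, so if the dispatcher ever passes `queryset=` to these two as well they will raise the same TypeError this change fixes; consider aligning them to the same `(permission, queryset=None, user=None)` shape. Also, because `user` defaults to `None`, a caller that omits it will silently take whatever path `_filter_by_authorized_products` applies for a missing user rather than failing loudly; if that path is anything other than returning no rows, a short docstring or an explicit guard such as `if user is None: raise ValueError("user is required")` on these two helpers would make the intended contract visible, and a regression test that lists endpoints as a non-superuser with `user=` passed would pin the fix.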
0 commit comments