fix: Add missing authorization to Identity endpoints

- ChangePasswordEndpoint: Add RequireAuthorization() for logged-in users
- GetUserProfileEndpoint: Add RequireAuthorization() for logged-in users
- AssignUserRolesEndpoint: Add RequirePermission(Users.ManageRoles)
- GetUserPermissionsEndpoint: Add RequirePermission(Users.View)
- Add Users.ManageRoles permission constant

These endpoints were previously accessible without proper authorization checks.

Author: jarvis

src/BuildingBlocks/Shared/Identity/IdentityPermissionConstants.cs

@@ -8,6 +8,7 @@ public static class Users
         public const string Create = "Permissions.Users.Create";
         public const string Update = "Permissions.Users.Update";
         public const string Delete = "Permissions.Users.Delete";
+        public const string ManageRoles = "Permissions.Users.ManageRoles";
     }
 
     public static class Roles

src/Modules/Identity/Modules.Identity/Features/v1/Users/AssignUserRoles/AssignUserRolesEndpoint.cs

@@ -1,4 +1,6 @@
-using FSH.Modules.Identity.Contracts.v1.Users.AssignUserRoles;
+using FSH.Framework.Shared.Identity;
+using FSH.Framework.Shared.Identity.Authorization;
+using FSH.Modules.Identity.Contracts.v1.Users.AssignUserRoles;
 using Mediator;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
@@ -27,6 +29,7 @@ internal static RouteHandlerBuilder MapAssignUserRolesEndpoint(this IEndpointRou
         })
         .WithName("AssignUserRoles")
         .WithSummary("Assign roles to user")
-        .WithDescription("Assign one or more roles to a user.");
+        .WithDescription("Assign one or more roles to a user.")
+        .RequirePermission(IdentityPermissionConstants.Users.ManageRoles);
     }
 }

src/Modules/Identity/Modules.Identity/Features/v1/Users/ChangePassword/ChangePasswordEndpoint.cs

@@ -21,6 +21,7 @@ internal static RouteHandlerBuilder MapChangePasswordEndpoint(this IEndpointRout
         })
         .WithName("ChangePassword")
         .WithSummary("Change password")
-        .WithDescription("Change the current user's password.");
+        .WithDescription("Change the current user's password.")
+        .RequireAuthorization();
     }
 }

src/Modules/Identity/Modules.Identity/Features/v1/Users/GetUserPermissions/GetUserPermissionsEndpoint.cs

@@ -1,5 +1,7 @@
 using System.Security.Claims;
 using FSH.Framework.Core.Exceptions;
+using FSH.Framework.Shared.Identity;
+using FSH.Framework.Shared.Identity.Authorization;
 using FSH.Framework.Shared.Identity.Claims;
 using FSH.Modules.Identity.Contracts.v1.Users.GetUserPermissions;
 using Mediator;
@@ -24,6 +26,7 @@ internal static RouteHandlerBuilder MapGetCurrentUserPermissionsEndpoint(this IE
         })
         .WithName("GetCurrentUserPermissions")
         .WithSummary("Get current user permissions")
-        .WithDescription("Retrieve permissions for the authenticated user.");
+        .WithDescription("Retrieve permissions for the authenticated user.")
+        .RequirePermission(IdentityPermissionConstants.Users.View);
     }
 }

src/Modules/Identity/Modules.Identity/Features/v1/Users/GetUserProfile/GetUserProfileEndpoint.cs

@@ -24,6 +24,7 @@ internal static RouteHandlerBuilder MapGetMeEndpoint(this IEndpointRouteBuilder
         })
         .WithName("GetCurrentUserProfile")
         .WithSummary("Get current user profile")
-        .WithDescription("Retrieve the authenticated user's profile from the access token.");
+        .WithDescription("Retrieve the authenticated user's profile from the access token.")
+        .RequireAuthorization();
     }
 }