Rename UnauthenticatedException -> UnauthorizedException and UnauthorizedException -> ForbiddenException

[jmphilli-cash]

It looks like we rename these underlying http status codes when in gets packaged as a class. See here

This is very confusing.
HTTP 401 is canonically Unauthorized.
HTTP 403 is canonically Forbidden.
There is no "unauthenticated" status code.

This rename means users reaching for an Unauthorized http status (401) will inadvertently return a 403. Users looking for a Forbidden http status will be confused and have to dig.

We should be able to simply add a ForbiddenException to handle the 403 case. Then we can deprecate the older UnauthorizedException.
We can also introduce UnauthorizedExceptionV2 and deprecate the UnauthenticatedException.

[frojasg]

These names are higher-level concepts meant to describe action exceptions independently of the protocols used to be transmitted (e.g., HTTP and gRPC)

gRPC uses UNAUTHENTICATED instead of the HTTP Unauthorized which can leads even to further confusion.

Open to talk more about it if you feel strongly about this.

[jmphilli-cash]

These exceptions include HTTP codes
code pointer

[frojasg]

The WebActionException includes the grpcStatus as well. These fields are used by the WebActionExceptionMapper to know how to translate to the relevant response depending on the protocol.