Unauthorized result uses wrong HTTP status code #10

@paulirwin

Description

The UnauthorizedResult class is currently mapped to the Unauthorized ASP.NET Core action result, but that is actually incorrect and is the result of an ambiguity in language.

"Unauthorized" in the HTTP sense of the word actually typically means "Unauthenticated" and uses the 401 status code. This status code can cause things like authentication challenges, when that's not what we want if we return an UnauthorizedResult.

Our definition of "Unauthorized" means you are likely authenticated (as authentication is not a concern of this library) but are not allowed to perform the operation. Therefore, the correct status code to return in this case is 403, which is "Forbidden."
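To make the distinction concrete, here is an added example (not code from this project) of a mapping layer translating a library result into an ASP.NET Core `IActionResult`, with the 401 mapping described in the issue beside the 403 mapping it proposes. The `MyLib` namespace and its result records are assumed stand-ins for the library's own types.

```csharp
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace MyLib
{
    // Assumed stand-ins for the library's result types (not the project's real code).
    public abstract record LibResult;
    public sealed record SuccessResult(object Value) : LibResult;
    // Caller is authenticated but not allowed to perform the operation.
    public sealed record UnauthorizedResult(string Reason) : LibResult;
}

public static class LibResultMapper
{
    // Before: the library's "unauthorized" maps to ASP.NET Core's 401 result.
    // 401 tells the client it is unauthenticated, so clients and browsers may
    // treat it as an authentication challenge and retry with credentials.
    public static IActionResult MapBefore(MyLib.LibResult result) => result switch
    {
        MyLib.SuccessResult s => new OkObjectResult(s.Value),
        MyLib.UnauthorizedResult => new UnauthorizedResult(),          // HTTP 401
        _ => new StatusCodeResult(StatusCodes.Status500InternalServerError),
    };

    // After: identity is known, the operation is denied -> 403 Forbidden.
    // A plain 403 ObjectResult is used instead of ForbidResult on purpose:
    // ForbidResult calls the authentication scheme's ForbidAsync, which under
    // cookie authentication redirects to AccessDeniedPath rather than returning
    // a 403 body that API clients can act on.
    public static IActionResult MapAfter(MyLib.LibResult result) => result switch
    {
        MyLib.SuccessResult s => new OkObjectResult(s.Value),
        MyLib.UnauthorizedResult u => new ObjectResult(new ProblemDetails
        {
            Status = StatusCodes.Status403Forbidden,
            Title = "Forbidden",
            Detail = u.Reason,
        })
        { StatusCode = StatusCodes.Status403Forbidden },                // HTTP 403
        _ => new StatusCodeResult(StatusCodes.Status500InternalServerError),
    };
}
```

A controller that wraps library calls would return `LibResultMapper.MapAfter(result)`, so an authenticated caller who lacks permission receives 403 and is not prompted to re-authenticate.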


Labels: bug (Something isn't working)
