Fixed 500 return code from several endpoints.
/api/v1/fleet/perform_required_password_reset
- Now returns 403 when Authorization token is missing
/api/v1/fleet/hosts_summary
- Now returns 400 when low_disk_space parameter is invalid
/api/v1/fleet/demologin
- Now returns 403
/api/v1/fleet/sessions/*
- Now returns 400 on invalid input
#12274
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- Add policy.rego file defining authorization policies.
- Add Go integrations to evaluate Rego policies (via OPA).
- Add middleware to ensure requests without authorization check are rejected (guard against programmer error).
- Add authorization checks to most service endpoints.
