fix(AnnotationController): enforce proper rejection and history checks in CreateOrUpdate

- Updated `AnyHistoryAsync` call to filter by `EnvelopeRejected` and `DocumentRejected` statuses, returning 403 instead of 200 when applicable.
- Ensures users cannot proceed if envelope was previously rejected.
- Minor cleanup in CreateOrUpdate logic to better handle authorization and signed checks.

EnvelopeGenerator.Application/Histories/Queries/CountHistoryQuery.cs

@@ -26,7 +26,7 @@ public static class CountHistoryQueryExtensions
     /// <param name="statuses"></param>
     /// <param name="cancel"></param>
     /// <returns></returns>
-    public static async Task<bool> AnyHistoryAsync(this ISender sender, string uuid, IEnumerable<EnvelopeStatus> statuses, CancellationToken cancel)
+    public static async Task<bool> AnyHistoryAsync(this ISender sender, string uuid, IEnumerable<EnvelopeStatus> statuses, CancellationToken cancel = default)
     {
         var count = await sender.Send(new CountHistoryQuery
         {

EnvelopeGenerator.Web/Controllers/AnnotationController.cs

@@ -12,7 +12,6 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System.Dynamic;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
@@ -60,8 +59,8 @@ public class AnnotationController : ControllerBase
         // Again check if receiver has already signed
         if (await _mediator.IsSignedAsync(uuid, signature, cancel))
             return Problem(statusCode: 403);
-        else if (await _mediator.AnyHistoryAsync())
-            return Problem(statusCode: 200);
+        else if (await _mediator.AnyHistoryAsync(uuid, new[] { EnvelopeStatus.EnvelopeRejected, EnvelopeStatus.DocumentRejected }, cancel))
+            return Problem(statusCode: 403);
 
         var docSignedNotification = await _mediator
             .ReadEnvelopeReceiverAsync(uuid, signature, cancel)