Switch to policy-based authorization for controllers

Replaced role-based [Authorize] attributes with policy-based ones in AuthController and TfaRegistrationController. This centralizes authorization logic and allows for more flexible access control.
2026-02-03 15:16:30 +01:00
parent 2b8edc697a
commit 8742ea6025
2 changed files with 3 additions and 3 deletions


@@ -34,7 +34,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
/// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
[ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
[Authorize(Policy = AuthorizationPolicies.SenderOrReceiverFullyAuth)]
[HttpPost("logout")]
public async Task<IActionResult> Logout()
{
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
[ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[HttpGet("check")]
[Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
[Authorize(Policy = AuthorizationPolicies.SenderOrReceiverFullyAuth)]
public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
/// <summary>
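Review bot: The policy name `AuthorizationPolicies.SenderOrReceiverFullyAuth` on Logout (this hunk) and on Check (the following hunk at line 56) replaces a role list that admitted either `Role.Sender` or `Role.Receiver.FullyAuth`, but the diffstat shows only the two controllers changed, so the policy's requirements are not visible in this commit and cannot be checked here. If the registered policy is built from anything other than those two roles (e.g. `RequireRole(Role.Sender, Role.Receiver.FullyAuth)`), the set of callers allowed to reach these endpoints changes silently; if the name is not registered at all, the default policy provider appears to fail the request with an InvalidOperationException at request time rather than at startup, so a startup or integration test that resolves the policy by name would catch both cases. Note also that Check still decides on `User.IsInRole(role)` with a caller-supplied role name after the policy gate, so this endpoint remains role-based in effect despite the commit message; a one-line remark above the attribute such as `// Policy must admit exactly Role.Sender or Role.Receiver.FullyAuth (former Roles list)` would keep that contract visible. Logout's body continues outside the hunk.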


@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
/// <summary>
/// Logs out the envelope receiver from cookie authentication.
/// </summary>
[Authorize(Roles = Role.FullyAuth)]
[Authorize(Policy = AuthorizationPolicies.ReceiverFullyAuth)]
[HttpPost("auth/logout")]
public async Task<IActionResult> LogOutAsync()
{
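Review bot: The new `[Authorize(Policy = AuthorizationPolicies.ReceiverFullyAuth)]` on LogOutAsync replaces `Roles = Role.FullyAuth`, whereas the AuthController hunk in the same commit refers to `Role.Receiver.FullyAuth`; if those are two distinct role names, a policy called ReceiverFullyAuth may be bound to the latter and would then not enforce the role this endpoint previously required, widening or narrowing who can end the receiver's cookie session. The policy registration is not part of this commit, so confirm there that ReceiverFullyAuth's requirement is the same role as the removed attribute, and consider recording it next to the attribute, e.g. `// ReceiverFullyAuth policy stands in for the former Roles = Role.FullyAuth`. LogOutAsync's body continues outside the hunk.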