Relax and rename auth policies for sender/receiver roles

Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.

EnvelopeGenerator.API/Controllers/AuthController.cs

@@ -34,7 +34,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
     /// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
     [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
     [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
     [HttpPost("logout")]
     public async Task<IActionResult> Logout()
     {
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
     [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
     [HttpGet("check")]
-    [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
     public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
 
     /// <summary>

EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs

@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
     /// <summary>
     /// Logs out the envelope receiver from cookie authentication.
     /// </summary>
-    [Authorize(Policy = AuthPolicy.ReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.Receiver)]
     [HttpPost("auth/logout")]
     public async Task<IActionResult> LogOutAsync()
     {

EnvelopeGenerator.API/Program.cs

@@ -178,9 +178,9 @@ try
     });
 
     builder.Services.AddAuthorizationBuilder()
-        .AddPolicy(AuthPolicy.SenderOrReceiverFullyAuth, policy =>
+        .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
             policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
-        .AddPolicy(AuthPolicy.ReceiverFullyAuth, policy =>
+        .AddPolicy(AuthPolicy.Receiver, policy =>
             policy.RequireRole(Role.Receiver.FullyAuth));
 
     // User manager