Restrict users to organisations explicitly granted only

[vlaurin]

Currently, trying to retrieve an organisation which is not explicitly granted to the authenticated user returns a default organisation profile with INDIVIDUAL access and PUBLIC classification.

https://github.com/quickcase/spring-oidc/blob/main/api/src/main/java/app/quickcase/spring/oidc/authentication/QuickcaseUserAuthentication.java#L53-L60

Instead, a security exception should be thrown to interrupt processing and prevent access as users should only be allowed access to organisation they were explicitly granted.