Add "No Access" page #559

Closed
wants to merge 20 commits into from
Collaborator

@dynamictulip dynamictulip commented Oct 14, 2024

Changes the auth processes in FIAT to allow unauthorised users to be redirected to a "No Access" page.

User Story 135671: Build: Authentication - Add access-denied screen

Changes

No Access specific changes

  • Add ADR about "No Access" page
  • Create authorised FIAT user role and add role requirement to authorisation
  • Add no access page and add redirect logic (described in ADR)
  • Hide header and footer areas not accessible to users without FIAT access
  • Make cookies, accessibility statement and privacy notice pages accessible to users without FIAT access
  • Update MockHttpContext to have separate cookie mocks and to mock user authentication state

Other changes:

  • Fix Privacy page having incorrect width
  • Move EnvironmentExtensions.cs into the Extensions folder
  • Change SameSite setting for the login cookie to current Microsoft recommendation of Lax
  • Move FIAT cookie names to static config class
  • Update name of cookie consent cookie to be consistent with application name and what is displayed in the Cookie UI

(This was a long-running piece of work with a change of direction, which originally touched these areas.)

Screenshots of UI changes

New "No Access" page

image

Header changes

Authorised user (No change)

image

Unauthorised user

image

Footer changes

Authorised user (No change)

image

Unauthorised user

image

Checklist

  • Pull request attached to the appropriate user story in Azure DevOps
  • ADR decision log updated (if needed)
  • Release notes added to CHANGELOG.md
  • Testing complete - all manual and automated tests pass

@dynamictulip dynamictulip force-pushed the add-access-denied-page branch 2 times, most recently from 8d70139 to 60d1b59 Compare October 16, 2024 14:48
nwarms previously approved these changes Oct 30, 2024
Collaborator

@nwarms nwarms left a comment

Approving, as my comment isn't really a huge issue, so it's up to you if you want to do it.

Reduces code, makes it easier to see which pages have anonymous access and aggregates the behavior into one place

sonarcloud bot commented Oct 30, 2024

Quality Gate failed

Failed conditions
2 New Code Smells (required ≤ 0)

Collaborator Author

dynamictulip commented Oct 30, 2024

Moving to using a feature branch which is formed from the main code implementation part of this branch. Other commits will be merged into that branch.

New PR at #580

@dynamictulip dynamictulip deleted the add-access-denied-page branch October 30, 2024 16:07
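
One way the role requirement, the anonymous pages, the "No Access" redirect and the Lax login cookie listed in the description can be wired in ASP.NET Core, as an added example that is not code from this pull request. The role name, cookie name and page paths are assumptions, and plain cookie authentication stands in for the project's real sign-in flow.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// Assumed values for illustration; the PR does not show the real ones.
const string AuthorisedUserRole = "Example.AuthorisedUser";
const string LoginCookieName = ".Example.Login";

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = LoginCookieName;
        options.Cookie.SameSite = SameSiteMode.Lax;   // setting named in the PR
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        // Forbid (signed in, role missing) redirects here instead of a bare 403.
        options.AccessDeniedPath = "/NoAccess";
    });

builder.Services.AddAuthorization(options =>
{
    // Fail closed: any endpoint without its own policy needs a signed-in
    // user who holds the role.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole(AuthorisedUserRole)
        .Build();
});

builder.Services.AddRazorPages(options =>
{
    // The only pages exempt from the fallback policy, listed in one place.
    options.Conventions.AllowAnonymousToPage("/NoAccess");
    options.Conventions.AllowAnonymousToPage("/Cookies");
    options.Conventions.AllowAnonymousToPage("/Accessibility");
    options.Conventions.AllowAnonymousToPage("/Privacy");
});

var app = builder.Build();
app.UseStaticFiles();      // before authorization so exempt pages keep their CSS
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();
```

The "No Access" page has to be exempt from the role policy itself; otherwise the redirect for a signed-in user without the role is forbidden again and loops.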