fix(auth): correctly propagate exceptions in completeEmailSignIn

Refactors the try-catch block in the `completeEmailSignIn` method to correctly handle exceptions during user lookup and creation.

Previously, any `HtHttpException` (including `ForbiddenException` thrown for users without dashboard permissions) was caught and re-thrown as a generic `OperationFailedException`. This masked the original error and prevented the `errorHandler` middleware from returning the correct 403 status code.

This change ensures that `HtHttpException` subtypes are re-thrown directly, allowing for proper error handling and correct HTTP responses, thus fixing the authentication vulnerability.

Author: fulleni

lib/src/services/auth_service.dart

@@ -256,14 +256,14 @@ class AuthService {
           'Created default UserContentPreferences for user: ${user.id}',
         );
       }
-    } on HtHttpException catch (e) {
-      _log.severe('Error finding/creating user for $email: $e');
-      throw const OperationFailedException(
-        'Failed to find or create user account.',
-      );
-    } catch (e) {
+    } on HtHttpException {
+      // Propagate known exceptions from dependencies or from this method's logic.
+      // This ensures that specific errors like ForbiddenException are not
+      // masked as a generic server error.
+      rethrow;
+    } catch (e, s) {
       _log.severe(
-        'Unexpected error during user lookup/creation for $email: $e',
+        'Unexpected error during user lookup/creation for $email: $e', e, s,
       );
       throw const OperationFailedException('Failed to process user account.');
     }