
Generate audit log entries on unauthorized access attempts #375

Merged
merged 5 commits into from
Jan 31, 2024

Conversation

juggernot325

@juggernot325 juggernot325 commented Jan 31, 2024

Description

This PR updates the middleware used to perform permissions checks on API endpoints to generate an audit log record if a user attempts to access an endpoint they do not have permission to access. There are a few different middleware functions that perform authorization checks, so a helper method was added to DRY up the code for a consistent experience.

The audit log entry generated will capture the name, IP address, and email address of the unauthorized user as those are standard fields for an audit log. The API endpoint the user was attempting to access will also be logged in the fields section.

A few things to note:

  • Log entries are only created on attempts to access endpoints that a logged-in user does not have access to due to restrictions on their assigned role.
  • Only access attempts that change data are logged. Read-only actions are not logged, e.g. POST /api/v2/bloodhound-users would be logged, GET /api/v2/bloodhound-users would not be logged.
  • Access attempts from unauthenticated users are not logged, as that could be too noisy in some situations.

Motivation and Context

  • Provide better visibility if there is a scenario where a user is compromised

How Has This Been Tested?

  • Verified that the audit log entries are generated successfully
  • Verified that unauthenticated users do not generate an audit log entry

Screenshots (if appropriate):

Screenshot 2024-01-31 at 2 05 45 PM

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.
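The behaviour the description lays out (a shared deny helper used by the authorization middleware, an entry only for authenticated users on mutating methods, user name, email and IP as top-level fields, the endpoint in the fields map) can be sketched as a small Go HTTP middleware. This is an added example for illustration, not code from this PR or from the project; the type names, the `users:manage` permission, the `UnauthorizedAccessAttempt` action string and the in-memory sink are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// User is a constructed stand-in for the authenticated principal and the
// permissions its assigned role grants (assumed names, not the project's).
type User struct {
	Name        string
	Email       string
	Permissions map[string]bool
}

// AuditEntry carries the fields the PR description says an entry captures.
type AuditEntry struct {
	Action string
	Name   string
	Email  string
	IP     string
	Fields map[string]string
}

// AuditSink collects entries in memory; a real deployment would persist them.
type AuditSink struct{ Entries []AuditEntry }

type userKey struct{}

// WithUser attaches an authenticated user to the request context, as an
// upstream authentication middleware would.
func WithUser(ctx context.Context, u *User) context.Context {
	return context.WithValue(ctx, userKey{}, u)
}

func userFrom(ctx context.Context) (*User, bool) {
	u, ok := ctx.Value(userKey{}).(*User)
	return u, ok && u != nil
}

// isReadOnly reports whether the method cannot change data; such denials are not audited.
func isReadOnly(method string) bool {
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true
	}
	return false
}

func clientIP(r *http.Request) string {
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}

// denyAndAudit is the shared helper every authorization middleware calls on failure,
// so the audit behaviour is consistent. Unauthenticated callers get 401 and no entry;
// authenticated callers get 403, with an entry only for mutating methods.
func (s *AuditSink) denyAndAudit(w http.ResponseWriter, r *http.Request) {
	u, ok := userFrom(r.Context())
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	if !isReadOnly(r.Method) {
		s.Entries = append(s.Entries, AuditEntry{
			Action: "UnauthorizedAccessAttempt", // constructed action name
			Name:   u.Name,
			Email:  u.Email,
			IP:     clientIP(r),
			Fields: map[string]string{"endpoint": r.Method + " " + r.URL.Path},
		})
	}
	http.Error(w, "forbidden", http.StatusForbidden)
}

// RequirePermission is one authorization middleware; it passes the request on
// only if the caller's role grants perm, otherwise it defers to denyAndAudit.
func (s *AuditSink) RequirePermission(perm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, ok := userFrom(r.Context()); ok && u.Permissions[perm] {
			next.ServeHTTP(w, r)
			return
		}
		s.denyAndAudit(w, r)
	})
}

// Send drives one request through the middleware (u == nil means unauthenticated)
// and returns the HTTP status, so the rules can be exercised offline.
func Send(s *AuditSink, u *User, method, path string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, path, nil)
	req.RemoteAddr = "203.0.113.7:51234" // constructed client address
	if u != nil {
		req = req.WithContext(WithUser(req.Context(), u))
	}
	rec := httptest.NewRecorder()
	s.RequirePermission("users:manage", ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	sink := &AuditSink{}
	alice := &User{Name: "alice", Email: "alice@example.com", Permissions: map[string]bool{}}
	fmt.Println(Send(sink, nil, http.MethodPost, "/api/v2/bloodhound-users"))   // 401, no entry
	fmt.Println(Send(sink, alice, http.MethodGet, "/api/v2/bloodhound-users"))  // 403, no entry
	fmt.Println(Send(sink, alice, http.MethodPost, "/api/v2/bloodhound-users")) // 403, one entry
	fmt.Printf("%+v\n", sink.Entries)
}
```

Keeping the deny path in one helper is what makes the logging consistent across the different permission middlewares: each wrapper decides only whether the caller is allowed, and the helper owns the status code, the read-only filter and the entry's shape. The unauthenticated check comes first so a scanner hitting the API without a session cannot flood the audit log.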

@juggernot325 juggernot325 changed the base branch from main to populate-audit-log-fields January 31, 2024 19:15
@juggernot325 juggernot325 merged commit 4cd2264 into populate-audit-log-fields Jan 31, 2024
3 checks passed
@juggernot325 juggernot325 deleted the audit-log-unauthorized-access branch January 31, 2024 20:18
@github-actions github-actions bot locked and limited conversation to collaborators Jan 31, 2024