Fix test: Update GetClubsCurrent_NoTenantContext_ReturnsForbidden to reflect actual behavior

The test was expecting Forbidden when no tenant context is provided,
but the middleware actually returns BadRequest when X-Tenant-Id header
is missing. Updated the test and added GetClubsCurrent_InvalidTenant_ReturnsForbidden
to properly test the Forbidden case.

backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs

@@ -184,9 +184,9 @@ public class ClubEndpointsTests : IntegrationTestBase
         Assert.Equal("Cycling", club.SportType);
     }
 
-    [Fact]
+[Fact]
-    public async Task GetClubsCurrent_NoTenantContext_ReturnsForbidden()
+public async Task GetClubsCurrent_NoTenantContext_ReturnsBadRequest()
-    {
+{
     AuthenticateAs("admin@test.com", new Dictionary<string, string>
     {
         [Tenant1Id] = "Admin"
@@ -194,8 +194,24 @@ public class ClubEndpointsTests : IntegrationTestBase
 
     var response = await Client.GetAsync("/api/clubs/current");
 
+    Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+}
+
+[Fact]
+public async Task GetClubsCurrent_InvalidTenant_ReturnsForbidden()
+{
+    AuthenticateAs("admin@test.com", new Dictionary<string, string>
+    {
+        [Tenant1Id] = "Admin"
+    }, userId: "admin-user-id");
+
+    // Set tenant that user is not a member of
+    SetTenant("invalid-tenant-id");
+
+    var response = await Client.GetAsync("/api/clubs/current");
+
     Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
-    }
+}
 
     [Fact]
     public async Task GetClubsMe_Unauthenticated_ReturnsUnauthorized()