WIP: AdminClubService DI fix and RLS-related changes

backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs

@@ -185,7 +185,7 @@ public class ClubEndpointsTests : IntegrationTestBase
     }
 
     [Fact]
-    public async Task GetClubsCurrent_NoTenantContext_ReturnsBadRequest()
+    public async Task GetClubsCurrent_NoTenantContext_ReturnsForbidden()
     {
         AuthenticateAs("admin@test.com", new Dictionary<string, string>
         {
@@ -194,7 +194,7 @@ public class ClubEndpointsTests : IntegrationTestBase
 
         var response = await Client.GetAsync("/api/clubs/current");
 
-        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
     }
 
     [Fact]