Make the public API use RLS instead of TS right checks

[riderx]

Describe the bug/issue Instead of using Supabase Admin for public endpoint, we should always use supabaseApikey to ensure we have the same Right policy between web and API

[riderx]

@devin All public endpoint use supabase admin we would like to enforce supabase with apikey to be sure user can never hack they way to unallowed action. Make sure to update the test to test rights as well and errors send should be clear

[riderx]

@devin do it