Change all "Unauthorized" errors to be more specific

[blue-note]

Generally, generic "unauthorized" errors serve the function of not leaking sensitive or unnecessary info to unauthorized actors in closed-source systems. In this case since we are open-source, having generic unauthorized errors makes less sense: it would be more useful to include more information in the error message to assist in troubleshooting.