Disable stories edit page for users with insufficient permissions
Reported by a student; reworded and posted here as it is not a major security vulnerability (the API request would still be blocked correctly by the backend, i.e. saving will result in an error if the user has insufficient permissions). Thank you for the report!
Background
The backend already implements the correct access control checks to ensure that editing stories is not possible unless the user has sufficient permissions:
- https://github.com/source-academy/stories-backend/blob/984356ffc2cee02533ece59485d325ea366dd59f/controller/stories/update.go#L30-L36
- https://github.com/source-academy/stories-backend/blob/984356ffc2cee02533ece59485d325ea366dd59f/internal/permissiongroups/stories/stories.go#L23-L31
- https://github.com/source-academy/stories-backend/blob/984356ffc2cee02533ece59485d325ea366dd59f/internal/permissions/users/users.go#L24-L30
And the frontend also already hides the edit button in the stories table:
https://github.com/source-academy/frontend/blob/105a553c2117f09bace724ef21457a7a09e1a3a8/src/pages/stories/Stories.tsx#L151-L163
But manually editing the URL from /view/<story_id> to /edit/<story_id> still results in the edit component showing.
Proposal
Redirect /edit/<story_id> → /view/<story_id> when the user has insufficient permissions to edit.
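One way to implement the proposed redirect as a pure routing decision, added here as an example and not code from the frontend or stories-backend repositories. The user/story shapes, the `canEditStory` rule (author, moderator or admin may edit) and the route regex are assumptions for illustration; the authoritative permission logic remains the backend check linked above, and this guard only keeps the edit component from rendering for users who would be rejected there anyway.

```typescript
// Added example (not source-academy code): client-side guard for /edit/<story_id>.
// Assumed shapes; the real user and story models live in the project.
type Role = 'member' | 'moderator' | 'admin';
interface User { userId: number; role: Role; }
interface Story { id: number; authorId: number; }

// Hypothetical client-side mirror of the backend rule: authors and
// moderators/admins may edit. Only a UX check; the backend still decides.
function canEditStory(user: User | null, story: Story): boolean {
  if (user === null) return false;
  if (user.role === 'admin' || user.role === 'moderator') return true;
  return user.userId === story.authorId;
}

// Matches /edit/<id> and /view/<id>, with an optional trailing slash.
const STORY_ROUTE = /^\/(edit|view)\/(\d+)\/?$/;

interface StoryRoute { mode: 'edit' | 'view'; id: number; }

function parseStoryRoute(pathname: string): StoryRoute | null {
  const m = STORY_ROUTE.exec(pathname);
  if (m === null) return null;
  return { mode: m[1] as 'edit' | 'view', id: Number(m[2]) };
}

// Returns the path to redirect to, or null when the current path may render.
// `findStory` stands in for whatever the page uses to load the story by id.
function resolveStoryRoute(
  pathname: string,
  user: User | null,
  findStory: (id: number) => Story | undefined
): string | null {
  const route = parseStoryRoute(pathname);
  // Not a story route, or already the read-only view: nothing to do.
  if (route === null || route.mode !== 'edit') return null;
  const story = findStory(route.id);
  // Unknown story: let the page show its own not-found state rather than guessing.
  if (story === undefined) return null;
  return canEditStory(user, story) ? null : `/view/${route.id}`;
}

// Constructed sample data for a stand-alone run.
const sampleStories: Story[] = [
  { id: 12, authorId: 7 },
  { id: 13, authorId: 5 },
];
const findSampleStory = (id: number): Story | undefined =>
  sampleStories.find(s => s.id === id);
```

In a react-router v6 page the non-null result is what you would hand to `<Navigate to={target} replace />` before rendering the edit component; a null result means render as usual. Because the check runs in the browser, treat it as hiding the editor, not as enforcing access: a user who bypasses it still hits the backend checks in `controller/stories/update.go`.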