Make user admin error message consistent

[ericaporter]

Relating to ticket
Context

Unauthorised access messaging was inconsistent between the Finance and Users admin areas.

Changes proposed in this pull request

• Aligned the Users admin unauthorised message with the existing Finance pattern
• Updated Users admin to render the shared unauthorised page with a clear heading and context-specific copy
• Ensured consistent messaging when access is blocked, including direct URL access

Guidance to review

• Trigger unauthorised access to Users admin and Finance admin to confirm messaging is consistent
• Check that the correct explanatory text is shown for each context

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Review app deployed to https://cpd-ec2-review-2163-web.test.teacherservices.cloud

[avinhurry]

Looks good.

Just realised now that we have (finance > user_manager > admin) admin feels a bit misleading. One to ponder on.

[avinhurry]

Do you think it's worth adding specs to check that GET /admin/users/:id and GET /admin/users/:id/edit are protected and show the same error message too?