test(reporting): lock down query authorization coverage across endpoints

[spartan124]

Title: test(reporting): lock down query authorization coverage across endpoints

Description

This PR introduces comprehensive tests to guarantee that all user-facing reporting queries enforce strict authorization checks. It verifies that user.require_auth() is correctly applied across all endpoints, effectively rejecting unauthorized callers. Additionally, it includes test coverage for ACL delegation behavior, ensuring only explicitly granted viewers can access designated reports when ACL is enabled.

Changes Implemented

Added authorization and access control test coverage for the following endpoints:

• get_remittance_summary
• get_savings_report
• get_bill_compliance_report
• get_insurance_report
• get_financial_health_report
• get_stored_report
• Verified ACL grant and revoke delegation behaviors.

Checklist & Guidelines Met

• Minimum 95% test coverage achieved for the reporting module.
• All tests are passing locally (cargo test -p reporting).
• Clear documentation added to test cases explaining authorization boundaries.
• Completed within the required 96-hour timeframe.

Related Issues

• Closes SC-003 Reporting: Add tests ensuring all user-facing queries require auth (and ACL only when enabled) #456 (SC-003)