Fix auth hook so it returns forbidden if the user is authenticated but not allowed to hit an endpoint.

vite.config.ts

@@ -1,4 +1,4 @@
-import { defineConfig } from "vitest/config";
+import { configDefaults, coverageConfigDefaults, defineConfig } from "vitest/config";
 import { sveltekit } from "@sveltejs/kit/vite";
 import { readFileSync } from "fs";
 
@@ -8,12 +8,15 @@ export default defineConfig({
 	server: {
 		https: {
 			key: readFileSync(`${__dirname}/cert/key.pem`),
-			cert: readFileSync(`${__dirname}/cert/cert.pem`)
+			cert: readFileSync(`${__dirname}/cert/cert.pem`),
 		},
-		proxy: {}
+		proxy: {},
 	},
 
 	test: {
-		include: ["src/**/*.{test,spec}.{js,ts}"]
-	}
+		include: ["src/**/*.{test,spec}.{js,ts}"],
+		coverage: {
+			exclude: [...coverageConfigDefaults.exclude, "svelte.config.js"],
+		},
+	},
 });