AuthException
The base of every auth denial the middlewares raise — a fail-closed refusal that is meant to be *read* by whoever hit it. Each subclass carries three things beyond an ordinary exception: an HTTP {@see self::statusCode()} so a host/projector can map it without a lookup table, a stable machine {@see self::errorCode()} (a `MILPA_*` string) to switch on, and a message written to teach — what went wrong, how to fix it, and a link to the concept it violated. The message NEVER contains the credential or token that triggered the denial: the whole point of this package is that a secret never reaches a log or an error, and an error class is no exception.
AuthException::statusCode()
public function statusCode(): intAuthException::errorCode()
public function errorCode(): string