The same way we have a NotFound page that plays well with SSR, we should have a Forbidden page that plays well for 403 requests.

Currently on Blazor apps you rely on AuthorizeView and the NotAuthorized fragment, but that only works when authorization happens at the Blazor level and not when it is triggered from the AuthorizationMiddleware.

We want to have a page so that we can provide a consistent experience across SSR and interactive render modes.