BI-2860: Made changes to the end point to limit the access.

[humsika]

Description

JIRA story card link: BI-2860

This PR updates the experiment dataset creation permission so that POST /programs/{programId}/experiments/{experimentId}/dataset is restricted to Program Administrator.

Previously, an Experimental Collaborator could reach a flow in the UI that suggested sub-entity dataset creation was available. This change enforces the backend permission rule so collaborator users cannot create sub-entity datasets directly through the API.

This PR also adds test coverage for the forbidden collaborator case.

And it depends on the bug/BI-2860-v1.3 for the frontend.

Dependencies

bi-web: bug/BI-2860-v1.3
bi-api: bug/BI-2860-v1.3

Testing

1. Run the existing API test suite for the updated controller test
2. Verify Program Admin can still create a sub-entity dataset
3. Verify Experimental Collaborator receives 403 Forbidden on:
   POST /programs/{programId}/experiments/{experimentId}/dataset

Manual validation:

1. Use the related bi-web PR
2. Confirm collaborator user sees the option disabled in the UI
3. Confirm backend blocks direct API access for collaborator users

Checklist:

• I have performed a self-review of my own code
• I have tested my code and ensured it meets the acceptance criteria of the story
• I have create/modified unit and/or integration tests to cover this change or tests are not applicable
• I have commented my code, particularly in hard-to-understand areas
• I have either updated the source of truth or arranged for update with product owner if needed https://breedinginsight.atlassian.net/wiki/spaces/BI/pages/1559953409/Source+of+Truth

[nickpalladino]

Looks good