GET /api/latest/fleet/queries/run incorrectly returns 200 for non-authorized users (queries do not run though) #11446

@lucasmrod

Description

Fleet version: main 68f2aef (4.31.0)

As a fleetctl user not authorized to run a live query, I run it via the synchronous API (GET /api/latest/fleet/queries/run).
(e.g. an observer attempting to run a non-observer_can_run query, or a gitops user attempting to run any query)

🧑‍💻  Expected behavior

User gets a "forbidden" HTTP 403.

💥  Actual behavior

The query does not run, as expected, but the user gets an HTTP 200.

👣 Reproduction steps

curl -i --insecure -X GET 'https://localhost:8080/api/v1/fleet/queries/run' \
-H "Authorization: Bearer $TEST_TOKEN" \
--header 'Content-Type: application/json' \
--data-raw '{
  "query_ids": [2],
  "host_ids": [1]
}'
HTTP/2 200 
content-type: application/json; charset=utf-8
content-length: 197
date: Thu, 27 Apr 2023 21:38:36 GMT

{
  "summary": {
    "targeted_host_count": 1,
    "responded_host_count": 0
  },
  "live_query_results": [
    {
      "query_id": 2,
      "error": "forbidden",
      "results": null
    }
  ]
}

Where TEST_TOKEN is a token for a user that is not authorized to run the query with id 2 on the host with id 1.
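As an added example (my own code, not part of the Fleet project or this report), this is how a client or audit script can avoid trusting the HTTP status alone on the affected version: it parses the body shown above, collects the queries the server refused with "forbidden", and maps a 200 whose every query was refused to the 403 the caller expected. The type and function names are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Response shape of GET /api/latest/fleet/queries/run, as shown in the report
// (only the fields this check needs; summary is left to the JSON decoder to skip).
type runQueriesResponse struct {
	LiveQueryResults []struct {
		QueryID int     `json:"query_id"`
		Error   *string `json:"error"` // "forbidden" is reported here, not via HTTP status
	} `json:"live_query_results"`
}

// sampleBody is the HTTP 200 body from the report, embedded as constructed input.
const sampleBody = `{
  "summary": {"targeted_host_count": 1, "responded_host_count": 0},
  "live_query_results": [{"query_id": 2, "error": "forbidden", "results": null}]
}`

// ForbiddenQueryIDs returns the ids of queries the server refused as "forbidden"
// together with the total number of queries in the response.
func ForbiddenQueryIDs(body []byte) (forbidden []int, total int, err error) {
	var resp runQueriesResponse
	if e := json.Unmarshal(body, &resp); e != nil {
		return nil, 0, fmt.Errorf("decoding queries/run response: %w", e)
	}
	for _, r := range resp.LiveQueryResults {
		if r.Error != nil && *r.Error == "forbidden" {
			forbidden = append(forbidden, r.QueryID)
		}
	}
	return forbidden, len(resp.LiveQueryResults), nil
}

// EffectiveStatus returns the status a caller should act on: non-200 statuses
// pass through unchanged; a 200 in which every query was forbidden becomes 403.
func EffectiveStatus(httpStatus int, body []byte) (int, error) {
	if httpStatus != 200 {
		return httpStatus, nil
	}
	forbidden, total, err := ForbiddenQueryIDs(body)
	if err != nil {
		return 0, err
	}
	if total > 0 && len(forbidden) == total {
		return 403, nil
	}
	return 200, nil
}

func main() {
	status, err := EffectiveStatus(200, []byte(sampleBody))
	fmt.Println(status, err) // 403 <nil>
}
```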

Labels

#g-endpoint-ops: Endpoint ops product group
:release: Ready to write code. Scheduled in a release. See "Making changes" in handbook.
bug: Something isn't working as documented
~backend: Backend-related issue.
~live-query: Related to live querying with Fleet -- either in the UI, or via fleetctl, or via the REST API
~query console: Related to the query console (composing/targeting/running queries)
~released bug: This bug was found in a stable release.