Improve 403 Forbidden error case

[chrsmith]

If you are not authorized to access the website (GitHub account authorized, but not on a whitelist) we should provide that information to the user. e.g. "You were not on any whitelisted GitHub organizations or email domains. Please contact chris@pulumi.com if you believe this is an error."

[joeduffy]

As an aside, a nicer 404 is probably worth considering. Shall I file a separate issue?

BTW, let's use support@pulumi.com for this, not your email address.

[chrsmith]

Let's track both issues in this bug, though the fixes will require two very different approaches. Also, ack on the email address. Though I was hoping it would be my opportunity to look like a stock photo of somebody in tech support...

[chrsmith]

From a conversation in the office:

• We'll request user:email and read:org. So we can either do the email check or org whitelist.
• Update the error message on the 403 page to indicate the user wasn't authorized, and should confirm they have a verified email address. Or contact their GitHub organization owner...
• Having a specialized landing page to explain the "grant org access" would probably go a long way. e.g. /authorize-github-org with screen shots and an explanation for what the authorization is used for, etc.

[joeduffy]

Given that we plan to flip this to public roughly after 0.9, is it worth doing anything here? I propose we just close this out and spend our energy building the real deal.

[lindydonna]

Propose keeping this open in case we need it for a bigger private preview in Jan/Feb

[lindydonna]

Proposing we close this. When we do the private beta, we can just document the symptom for customers.

Filed #72 for the 404 case.