slack thread: https://redhat-internal.slack.com/archives/C04MZT67Y9M/p1696266817212969?thread_ts=1696256860.529229&cid=C04MZT67Y9M

In the POST /seats endpoint, when ams returns a 403 on the QuotaAuthorization call, entitlements wraps it in a 500. We should bubble up a 403 instead for transparency. We can also specifically check for this error:

 "error": "QuotaAuthorization: [status is 403, identifier is '11', code is 'ACCT-MGMT-11' and operation identifier is 'fda82219-6529-4ab5-a095-25a2c8ba4607': Account lightspeed-rgebhard missing required Subscription create permission]" 

and return a more useful error around data syncing, aka "try again in 30 min" or something

Actually most of the AMS client methods bubble up all AMS errors as 500. We should implement a mapper for these. We can use ClientError: https://github.com/RedHatInsights/entitlements-api-go/blob/master/ams/client.go#L66 to map the errors to. and then in the controller we can check for that like we do in some places. Example here: https://github.com/RedHatInsights/entitlements-api-go/blob/master/controllers/seats.go#L143-L147. We should extract that bit of logic to a mapper/method as well and re use it.

Implement these changes in all AMS client methods (so map all responses from AMS), and then in each controller method where its not already in use