Create exception mapper to catch 401/403s for admin dashboard

[adrw]

Investigate setting up an exception mapper to catch 401s for /_admin/ requests instead of this custom logic which then serves a more helpful 401 page, this will also cover cases where someone directly accesses the tab from a runbook link which they don't have access to

Originally posted by @adrw in #3260 (comment)