chore: Rbac errors should be returned, and not hidden behind 404 (#7122)

* chore: Rbac errors should be returned, and not hidden behind 404

SqlErrNoRows was hiding actual errors
* Replace sql.ErrNoRow checks
* Remove sql err no rows check from dbauthz test
* Fix to use dbauthz system user

coderd/httpmw/userparam.go

@@ -2,11 +2,8 @@ package httpmw
 
 import (
 	"context"
-	"database/sql"
 	"net/http"
 
-	"golang.org/x/xerrors"
-
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 
@@ -71,7 +68,7 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han
 				}
 				//nolint:gocritic // System needs to be able to get user from param.
 				user, err = db.GetUserByID(dbauthz.AsSystemRestricted(ctx), apiKey.UserID)
-				if xerrors.Is(err, sql.ErrNoRows) {
+				if httpapi.Is404Error(err) {
 					httpapi.ResourceNotFound(rw)
 					return
 				}