In API controller, "@expose.expose" should be on top of
"@policy.enforce_wsgi". Otherwise, the output won't have the correct
format and status code. That is because "@expose.expose" will format
the exception before sending the response.
In "enforce_wsgi", use decorator module instead of "functools.wraps".
That is because decorator is signature preserving, which is
necessary for other decorator to work.
Also, added unit tests to ensure the correct error message and status
code will return if the request cannot pass the policy check.
Change-Id: I8b77ba95124c13dd1a46700bc60105bc7e33a579
Related-Bug: #1520311