Fix code scanning alert no. 18: User-controlled bypass of sensitive method

Open KrzysztofPajak opened this issue 1 year ago • 0 comments

Fixes https://github.com/grandnode/grandnode2/security/code-scanning/18

To fix the problem, we need to ensure that the authorization check is performed regardless of whether the model parameter is null or not. This can be achieved by rearranging the code so that the authorization check is done before the null check. This way, even if the model is null, the authorization check will still be executed.

  • Move the authorization check _permissionService.Authorize(PermissionSystemName.Products) before the null check for the model parameter.
  • Ensure that the authorization check is the first condition to be evaluated in the method.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

KrzysztofPajak, Oct 02 '24 20:10
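
The reordering described above, as an added C# example that is not GrandNode's code and not part of the original pull request. The `PermissionService`, `ProductModel` and `ProductEndpoint` types, the string return values and the synchronous `Authorize` signature are stand-ins assumed for illustration; only the call `_permissionService.Authorize(PermissionSystemName.Products)` is taken from the page.

```csharp
#nullable enable
using System;

// Stand-ins for illustration only; not GrandNode's real types or signatures.
static class PermissionSystemName { public const string Products = "Products"; }

class PermissionService
{
    private readonly bool _granted;
    public int Calls { get; private set; }          // counts how often the check actually ran
    public PermissionService(bool granted) => _granted = granted;
    public bool Authorize(string permission) { Calls++; return _granted; }
}

class ProductModel { public string Name { get; set; } = ""; }

class ProductEndpoint
{
    private readonly PermissionService _permissionService;
    public ProductEndpoint(PermissionService permissionService) => _permissionService = permissionService;

    // Flagged shape: whether Authorize runs depends on the caller-supplied model.
    public string SaveBefore(ProductModel? model)
    {
        if (model == null) return "400 Bad Request";   // returns before any authorization
        if (!_permissionService.Authorize(PermissionSystemName.Products)) return "403 Forbidden";
        return "200 OK";
    }

    // Fixed shape: authorization is unconditional and evaluated first.
    public string SaveAfter(ProductModel? model)
    {
        if (!_permissionService.Authorize(PermissionSystemName.Products)) return "403 Forbidden";
        if (model == null) return "400 Bad Request";
        return "200 OK";
    }
}

static class Program
{
    static void Main()
    {
        var svc = new PermissionService(granted: false);   // caller lacks the permission
        var endpoint = new ProductEndpoint(svc);
        Console.WriteLine($"before: {endpoint.SaveBefore(null)}, Authorize calls = {svc.Calls}");
        Console.WriteLine($"after:  {endpoint.SaveAfter(null)}, Authorize calls = {svc.Calls}");
    }
}
```

The `Calls` counter makes the difference observable in a unit test: with a null model the first form never reaches the permission check, while the second form always does.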