Release API: return 403 instead of 404 when not enough permissions

Summary

When using the Release API with the private token of someone that does not have access to the repository, the API currently returns a 404 error. A 403 error would be more appropriate in this case: the project does exist.

This is really not a big deal, but this had me stuck for a while.

Steps to reproduce

$ curl --header "PRIVATE-TOKEN: ${DISALLOWED_TOKEN}" "$CI_API_V4_URL/projects/${CI_PROJECT_ID}/releases"
{"message":"404 Project Not Found"}

$ curl --header "PRIVATE-TOKEN: ${OWNER_TOKEN}" "$CI_API_V4_URL/projects/${CI_PROJECT_ID}/releases"
[]

Example Project

Any project that is not public (i.e. that requires permissions to be given).

What is the current bug behavior?

404

What is the expected correct behavior?

403