The message received when a push to a protected branch is rejected has changed since 11.3.0-rc4

Prior to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21034#6e60f94696b534ed16ff1d4f8ca1a742242805bf_58_64, the message received when trying to push to a protected branch from an unauthorized user was "You are not allowed to push code to protected branches on this project", but now it has changed to the cryptic "API is not accessible", which isn't really helpful anymore... :(

This regression was discovered while running QA against staging running 11.3.0-rc4: https://gitlab.com/gitlab-org/quality/staging/-/jobs/95453012

This was originally reported in the QA issue: gitlab-org/release/tasks#428 (comment 99538282)

I believe the change in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21034 is semantically correct, as returning a 401 status code is definitely a good idea, but I think gitlab-shell should probably use the provided message from the response if present instead of always returning "API is not accessible".

One important thing to note is that QA wasn't run for !21034 (merged), and that would have caught the behavior change in advance! /cc @meks

I've set the ~Geo and ~Manage labels because they were set on !21034 (merged), and the ~Create label because I think the internal API belongs to this team (but I think that would be unfair to assign the regression to the ~Create team).

I've set the ~P1 label because this is a regression from the latest RC, and the ~S3 label because this isn't breaking any functionality but it can confuse users that are used to the previous behavior.

/cc @ash.mckenzie @stanhu @smcgivern

/cc @mlapierre because ~Create

/cc @sliaquat because ~Manage
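
The handling suggested in the report (use the response's message when present, otherwise fall back to the generic text), sketched as an added example that is not gitlab-shell's own code. It assumes the internal API answers with a JSON object carrying `status` and `message` keys; every name below is hypothetical.

```ruby
require 'json'

# Hypothetical names throughout; not gitlab-shell's own classes.
AccessStatus = Struct.new(:allowed, :message)

GENERIC_FAILURE = 'API is not accessible'.freeze
# Status codes whose body is assumed to carry a user-facing denial message.
DENIAL_CODES = %w[401].freeze
MAX_MESSAGE_LENGTH = 500

# Map an internal API response (status code string + raw body) to what the
# pushing user should see.
def access_status_for(code, body)
  payload = parse_object(body)

  case code
  when '200'
    return AccessStatus.new(false, GENERIC_FAILURE) unless payload
    AccessStatus.new(payload['status'] == true, clean_message(payload['message']))
  when *DENIAL_CODES
    # Prefer the server's explanation; fall back only when it is missing.
    AccessStatus.new(false, clean_message(payload && payload['message']) || GENERIC_FAILURE)
  else
    # 5xx, proxy errors, HTML error pages: never echo the body to the client.
    AccessStatus.new(false, GENERIC_FAILURE)
  end
end

# Returns the parsed body only if it is a JSON object, otherwise nil.
def parse_object(body)
  parsed = JSON.parse(body.to_s)
  parsed.is_a?(Hash) ? parsed : nil
rescue JSON::ParserError
  nil
end

# Keep only printable single-line text so a response body cannot inject
# terminal control sequences into the git client's output.
def clean_message(message)
  return nil unless message.is_a?(String)
  text = message.gsub(/[^[:print:]]/, ' ').strip[0, MAX_MESSAGE_LENGTH]
  text.empty? ? nil : text
end
```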