Prevent access if external authorization services returns 403

The external authorization services feature provides fine grained project access control from an external system in addition to GitLab access controls. Currently if a 401 is returned access will be blocked, but not 403. We need to fix this.