404 error when accessing a file w/o permission should be a 403

Description

When an authenticated users tries to access a file via Webinterface without having the permission to view the repository a 404 error is shown. This may (esp. for non-technical users) lead to the conclusion that the file does not exist, instead of not having the necessary permissions.

Proposal

An authenticated user should see a 403 error. This is technically correct as the file exists and the user just has no permission to see it.
Additionally a link to the projects page could be shown where the user can request access to the project (if enabled).

Limitation

For unauthenticated users this may lead to information disclosure as they can identify which files exist in a repository depending on the error code. Always showing a 401 error to unauthenticated users may mitigate this.