DOES_NOT_EXIST etc. produce misleading 404 pages

The gitlab-ce!13982 MR to fix gitlab-ce#17467 fixed 404 pages overly broadly, leading to misleading 404 pages. E.g.:

There's going to be numerous other examples of this where 404 pages are used. This leads users to think that "oh maybe this commit or branch exists, and I just don't have permissions to view it".

That's not at all how the intra-project permission model works, so when rendering 404 pages for these sorts of project assets here's what should happen:

If you have no access to the project, i.e. if a URL like https://gitlab.com/gitlab-org/gitlab-ce/ would render the current 404 page, nothing should be changed, since otherwise you'd be leaking info about what commits / trees etc. exist.
If you do have access to the project, then the old 404 page should be printed. I.e. it should categorically tell you that the branch/tree/issue/MR etc. doesn't exist, instead of saying you might not have permissions to view it.

This is tangentially related to, but not the same issue as what I filed in gitlab-ce#50201. I.e. if the setting proposed in that ticket is implemented, we should always print the most accurate 404 page we can serve up (i.e. say "you don't have permission to view this ticket") if the user has no access to the project whatsoever.