While authenticated, when you ask for content that the user does not have permissions for, Zope answers Unauthorized instead of Forbidden.
I don't know if that's a regression for Plone 5.2, since it's using the WSGI stack.
It has more to do with p.rest than p.restapi, so I will open an issue in both.