Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

[jaswrks]

Line 911 in the WP_REST_Server class currently uses a hard-coded 403 error code. It should be calling upon rest_authorization_required_code() to determine the proper response code; e.g., 401 instead of a 403 whenever a user is not logged-in.

<?php
$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) );

Should be:

<?php
$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );

[rachelbaker]

In 42421:

REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().

Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Props jaswrks.
Fixes #42828.

[rachelbaker]

In 42422:

REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().

Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Merges [42421] to the 4.9 branch.

Props jaswrks.
Fixes #42828.

[rachelbaker]

Reopening because I missed committing the unit test changes needed here.

[rachelbaker]

In 42423:

REST API: Adjust unit testes to expect a 401 status code in error responses from permission callbacks when user is not authenticated.

Missed in [42421].

Fixes #42828.

[rachelbaker]

In 42427:

EST API: Adjust unit testes to expect a 401 status code in error responses from permission callbacks when user is not authenticated.

Missed in [42421].

Merges [42423] to the 4.9 branch.
Fixes #42828.