Fixed status code for unauthenticated requests

refs https://github.com/TryGhost/Team/issues/498

Requests to fetch the data of the logged in member made without a
session cookie were responsing with 400 Bad Request. This was incorrect
and always should have been a 401 Unauthorized.

core/server/services/members/middleware.js

@@ -51,7 +51,7 @@ const getMemberData = async function (req, res) {
             res.json(null);
         }
     } catch (err) {
-        res.writeHead(err.statusCode);
+        res.writeHead(401);
         res.end(err.message);
     }
 };

test/frontend-acceptance/members_spec.js

@@ -50,7 +50,7 @@ describe('Basic Members Routes', function () {
 
         it('should error for invalid member token on member data endpoint', async function () {
             await request.get('/members/api/member')
-                .expect(400);
+                .expect(401);
         });
 
         it('should serve member site endpoint', async function () {