  2. JRASERVER-32379

401 on project admin page when viewed as a non jira-admin user

    Description

      Summary

      When a project admin page is visited, the page performs a check for plugin updates by calling /rest/plugins/1.0/notifications. If the user visiting the page is not a JIRA administrator, they do not have permission to access the Universal Plugin Manager (UPM), so that call returns a 401 error.

      Steps to reproduce

      1. Log in as a regular Project Administrator (a user who has the Administer Projects permission on a test project, but who is not a JIRA Admin or System Admin).
      2. Access the administration page of the same test project and click on any of the project admin tabs, e.g. Versions, Components, etc.

      Expected results

      No request on the page returns a 401. Either no unauthorized requests are triggered at all, or at least they return the more appropriate 403 response.

      Actual results

      A 401 is returned, together with a WWW-Authenticate header, for requests to /rest/plugins/1.0/notifications.
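      As an added example (not part of this Jira issue or of Atlassian's code), a small Python check that runs over constructed request/response captures and flags the pattern reported here: a request that already carries a valid session being answered with 401 and a WWW-Authenticate challenge, where 403 is the appropriate status. The paths, header values and session flags are constructed for the example.

```python
"""Flag authenticated requests that were answered with 401 instead of 403."""
from dataclasses import dataclass, field


@dataclass
class Capture:
    """One captured request/response pair (constructed sample data below)."""
    path: str
    authenticated: bool          # True if the request carried a valid Jira session
    status: int
    headers: dict = field(default_factory=dict)


def classify(c: Capture) -> str:
    """Return 'ok' or a verdict describing how the auth error was misreported.

    401 means 'not authenticated' and must carry WWW-Authenticate so the client
    can log in (RFC 7235). A request that already carries a valid session but
    lacks the required permission should be refused with 403, not 401.
    """
    hdrs = {k.lower(): v for k, v in c.headers.items()}
    if c.status == 401:
        if c.authenticated:
            return "wrong-401"          # the bug on this page: session present, still 401
        if "www-authenticate" not in hdrs:
            return "missing-challenge"  # 401 without a challenge is malformed
        return "ok"
    if c.status == 403 and "www-authenticate" in hdrs:
        return "unexpected-challenge"   # 403 should not invite re-authentication
    return "ok"


def audit(captures):
    """Return (path, verdict) for every capture that is not 'ok'."""
    return [(c.path, classify(c)) for c in captures if classify(c) != "ok"]


# Constructed captures: a project admin's page load, one anonymous request, one correct 403.
CAPTURES = [
    Capture("/rest/api/2/project/TEST", True, 200),
    Capture("/rest/plugins/1.0/notifications", True, 401,
            {"WWW-Authenticate": 'Basic realm="constructed"'}),
    Capture("/rest/plugins/1.0/notifications", False, 401,
            {"WWW-Authenticate": 'Basic realm="constructed"'}),
    Capture("/rest/plugins/1.0/", True, 403),
]

if __name__ == "__main__":
    for path, verdict in audit(CAPTURES):
        print(f"{verdict}: {path}")
```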

      Notes

      A similar issue was found in OnDemand: https://ecosystem.atlassian.net/browse/UPM-2684. Not sure if this issue should be a JIRA fix to handle the call better, or if the UPM is adding this call in, and the above issue should be re-opened to extend to BTF instances as well.

              Assignee: Unassigned
              bberenberg Boris Berenberg (Inactive)
              Votes: 13
              Watchers: 13
