Return Unauthorized statuscode in RejectInfo
Currently, when an unauthorized (no token present) request is presented to AuthenticationHandler.handleSecurity, it returns an invalid_request status code. It is better to return some form of unauthorized status code. Besides the string statusCode that is now part of RejectInfo, it would also be good to have an HTTP status code available (which can then be used in RejectInfo::applyTo as well).
PR is merged with some modifications to avoid major version bumps in the API package.