404 replies should be marked as not cacheable
Debusine may report an HTTP status code of 404 for views when the requesting user lacks authorization. This may happen e.g. when a client is not yet authenticated. Once logged in, a different status code is returned. Unless a 404 response is explicitly marked as uncacheable, a client is entitled to treat it as generally cacheable. It doesn't seem like Firefox or Chromium actually do cache such 404s, but this behavior seems at least questionable. I argue that due to its use of 404 for unauthorized requests, Debusine should generally issue Cache-Control: no-cache or Cache-Control: no-store for 404 responses to most views.
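One way to apply the header the report asks for, as an added example that is not part of the original report and not Debusine's own code: a framework-neutral WSGI middleware that adds Cache-Control: no-store to any 404 whose view has not set its own cache directive. The names NoStore404Middleware, demo_app and fetch are hypothetical, and demo_app is a constructed stand-in for a view that answers 404 to anonymous clients.

```python
from wsgiref.util import setup_testing_defaults


class NoStore404Middleware:
    """Mark 404 responses uncacheable unless the view already set Cache-Control."""

    def __init__(self, app, directive="no-store"):
        self.app = app
        self.directive = directive

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            is_404 = status.split(" ", 1)[0] == "404"
            has_cc = any(name.lower() == "cache-control" for name, _ in headers)
            if is_404 and not has_cc:
                # A 404 is cacheable by default, so state the policy explicitly.
                headers = list(headers) + [("Cache-Control", self.directive)]
            if exc_info is not None:
                return start_response(status, headers, exc_info)
            return start_response(status, headers)

        return self.app(environ, patched)


def demo_app(environ, start_response):
    # Constructed view: hides the resource (404) from clients without a session.
    if "session=" in environ.get("HTTP_COOKIE", ""):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"private artifact\n"]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found\n"]


def fetch(app, path, cookie=None):
    """Call a WSGI app in-process and return (status, headers dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    wrapped = NoStore404Middleware(demo_app)
    print(fetch(wrapped, "/artifact/1"))                      # anonymous
    print(fetch(wrapped, "/artifact/1", "session=example"))   # logged in
```

Passing directive="no-cache" instead lets a cache keep the 404 but forces revalidation with the server before every reuse.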