Arvados

When a DELETE request fails because a call to the API server could not be executed successfully, the HTTP status returned by the API server should be passed through to Keep's DELETE response:

• Respond 403 Forbidden if the token is valid (users.get responds 200) but does not pass is_admin/scopes verification, or users.get responds 403 (which is another scope problem).
• Respond 401 Unauthorized If the token is invalid (users.get responds 401) (This probably means the token has expired.)

This change will require updating the sdk.ArvadosClient to return more information about why a request failed. Possibilities include:

• define an ArvadosApiError type that includes the API server HTTP status code
• change sdk.ArvadosClient.CallRaw to return an HTTP status instead of an error message