[Hawtio] Improve handling of HTTP 403 responses

Follow up to ENTESB-10823.

For some Hawtio endpoints, if the user is not authenticated, a HTTP 403 Forbidden response is returned. However ServletHelpers.doForbidden forces the return of a JSON response, which is not very user friendly if someone hits a secured endpoint in a web browser.

It'd better to only return JSON if requested. E.g if application/json is present in the Accept header. Or via a URL parameter etc.