API: fixes visibility of project hook
Created by: justahero
An unauthorized user can access project hooks individually.
For example if access to GET /projects/:id/hooks fails and returns a 403 Unauthorized error it is still possible to access a hook directly via GET /projects/:id/hooks/:hook_id.
Fixes access, also added tests to check access and status codes of hooks.