Apply suggestions from code review

Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>

internal/daemon/controller/interceptor.go

@@ -356,9 +356,9 @@ func aliasResolutionInterceptor(
 		interceptorCtx, err = alias.ResolveRequestIds(interceptorCtx, reqMsg, r)
 		if err != nil {
 			// Since this is intercepted prior to checking that the requester
-			// is authorized to make the request, returning a 404 here and a 403
+			// is authorized to make the request, returning a 404 here and a 401
 			// when the request is checked in the handler would expose which
-			// aliases exist. Instead, we return a forbidden error here so there
+			// aliases exist. Instead, we return a unauthenticated error here so there
 			// is no way to distinguish between a missing alias and an existing
 			// alias that points to a destination the requester is not allowed
 			// to perform an action on.

internal/tests/api/targets/target_test.go

@@ -769,7 +769,7 @@ func TestSet_Errors(t *testing.T) {
 	assert.NotNil(apiErr)
 	assert.EqualValues(http.StatusUnauthorized, apiErr.Response().StatusCode())
 	// We should not be able to tell the difference between an unauthorized request
-	// and an request that tries to resolve an alias that points to nothing.
+	// and a request that tries to resolve an alias that points to nothing.
 	assert.EqualValues(noAliasApiErrReponse.Body, apiErr.Response().Body)
 }