Fixed the issue of direct links to statuses yielding 403 instead of 200 (with index file and meta when static FE is disabled / server-rendered status HTML when static FE is disabled) on non-federating instances.
Added missing access control restrictions (basing on :restrict_unauthenticated setting) to OStatusController, StaticFEController.
Misc. fixes (e.g. adjusted the list of actually supported request formats for each OStatus endpoint).