don't leak the existence of gotd repositories to unrelated user accounts In particular, this prevents anonymous user accounts from discovering the existence of other private repositories served by gotd by correctly guessing the name of a private repository. They still wouldn't have read or write access but in some cases even knowledge about the existence of a particular repository could be cause for concern. ok op@

add test for read-only access on empty repository