controllers: return 400 instead of 403 for GET requests with body.

Fix for 3184e77de. Return 400 Bad Request instead of 403 Forbidden for
GET requests with a body.

test/functional/application_controller_test.rb

@@ -10,10 +10,10 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
       assert_response 406
     end
 
-    should "return 403 Bad Request for a GET request with a body" do
+    should "return 400 Bad Request for a GET request with a body" do
       get root_path, headers: { "Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json" }, env: { RAW_POST_DATA: "tags=touhou" }
 
-      assert_response 403
+      assert_response 400
       assert_equal("ApplicationController::RequestBodyNotAllowedError", response.parsed_body["error"])
       assert_equal("Request body not allowed for GET request", response.parsed_body["message"])
     end