app controller: standardize access denied error handling.

Refactor to use `render_error_page` to handle User::PrivilegeError
exceptions. This way these exceptions are logged to New Relic.

Changes:

* Anonymous users aren't automatically redirected to the login page.
  Instead they're taken to the access denied page, which links to the
  login/signup pages.

* JSON/XML error responses return `message` instead of `reason`.

app/views/static/access_denied.html.erb

@@ -1,6 +1,13 @@
 <h1>Access Denied</h1>
 
-<p>You do not have permission to visit this page.</p>
+<p>
+  You do not have permission to visit this page.
+
+  <% if CurrentUser.is_anonymous? %>
+    Try <%= link_to "logging in", new_session_path(url: request.fullpath) %> or
+    <%= link_to "signing up", new_user_path %>.
+  <% end %>
+</p>
 
 <%= link_to "Go back", :back, :rel => "prev" %>