API: Avoid group leak while updating the group

spec/requests/api/groups_spec.rb

@@ -135,10 +135,10 @@ describe API::API, api: true  do
     end
 
     context 'when authenticated as an user that cannot see the group' do
-      it 'returns 403 when trying to update the group' do
+      it 'returns 404 when trying to update the group' do
         put api("/groups/#{group2.id}", user1), name: new_group_name
 
-        expect(response.status).to eq(403)
+        expect(response.status).to eq(404)
       end
     end
   end