When adding a project hook a url must be specified or a 400 error code is returned

* Specs added to check status code on handling project hooks
* refactored code, extracted a method

When a user is added to a project that is already a member of, a status code 201 is now returned to
signal an idempotent operation. If something fails then instead of returning error code 404 different
more specific error codes are returned. Status code 400 (Bad request) is returned when a required
attribute, e.g. `access_level` is not given or 422 if there is a semantic error, e.g. should
the `access_level` have an unsupported value.

Specs are added to check these status codes.

fix the gitlab-shell clone url in master installation doc

A user must be part of the team to see a protected project. A test is given
to check that a 404 error is returned if the user can not see the project.

A few fixes in the notes URI pattern (`notes` instead of `:notes`), also updated
the information to status codes. If `body` attribute is missing from a POST request
a status code 400 (Bad request) is returned. This reflects the code changes from
the previous commit.

If a note is created with a POST request via API (`/projects/:id/notes`) status
code 400 is returned instead of 404. The resource itself exists but the request
is incomplete. Specs added to check different status codes when accessing, creating
and updating notes.