fix: get_tree returns 404 (not 403) for inaccessible trees — don't leak resource existence

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/api/endpoints/trees.py

@@ -392,9 +392,10 @@ async def get_tree(
         )
 
     if not tree.is_active or not can_access_tree(current_user, tree):
+        # Always 404, never 403. A 403 confirms the resource exists.
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this tree"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Tree not found"
         )
 
     return build_full_tree_response(tree)