API 404 should give a real HTTP error instead of giving index.html

See https://gitlab.com/arkindex/requests/-/issues/273#note_649752397

It makes sense to provide the index.html for lost users on everyting except urls that start with /api.

API users can mistype URLs (especially with UUIDs) and should get a clear 404.