VerifySession should not return 401

[nwmac]

Currently, the REST API verifySession (which is used to determine is the user has a valid session) returns a 401 (Unauthorised) if they do not and 200 is they do.

This leads to errors in the front-end console log and during e2e tests when the user accesses the UI but is not logged in.

We should change the API to always return 200 and indicate whether the user has a valid session in the response body.

This should be a small change on the back-end, but will require a tweak on the front-end and in the e2e test helpers.