review if HEAD permission check being inaccurate can cause errors

[sleidig]

          @tomwwinter If we have a permission rule like "can read all docs with location=Berlin", won't this return 401 even for allowed docs?

Where is the HEAD request used? How critical is a possible difference between the head and actual get?

Originally posted by @sleidig in #127 (comment)