HTTP 500 should always raise an error

During testing we had some cases where act checked for a `non-403 status code` and was happy with HTTP 500. I think this wrongly suggests the app is working "correctly" where in fact act revealed some case the API was not handling correctly (basically discovered a bug).

I think these checks should be highlighted and treated as "not passed" as HTTP 500 is never good. 

Happy about thoughts!