Adds docblock comments and HTTP spec links for the new HTTP Exception classes (#2103)

framework/web/ForbiddenHttpException.php

@@ -10,6 +10,13 @@ namespace yii\web;
 /**
  * ForbiddenHttpException represents a "Forbidden" HTTP exception with status code 403.
  *
+ * Use this exception when a user has been authenticated but is not allowed to
+ * perform the requested action. If the user is not authenticated, consider
+ * using a 401 [[UnauthorizedHttpException]]. If you do not want to
+ * expose authorization information to the user, it is valid to respond with a
+ * 404 [[NotFoundHttpException]].
+ *
+ * @link http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4
  * @author Dan Schmidt <danschmidt5189@gmail.com>
  * @since 2.0
  */