Return 404 status for non-published Budget access

Why:

Non-admin users shouldn't be able to access, or know of the existence
of a non-published Budget.

How:

Raising an ActionController::RoutingError (404 error) to simulate the
same behaviour as accessing a non-existing Budget.

We could have used CanCanCan abilities for this but then a user could
be aware of existing but not published Budgets by trying different urls.
Bertocq
2018-01-08 22:59:20 +01:00
parent 03f4fce2dd
commit 76e05d58b1

@@ -1,5 +1,6 @@
class BudgetsController < ApplicationController
include FeatureFlags
include BudgetsHelper
feature_flag :budgets
load_and_authorize_resource
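Review bot: `include BudgetsHelper` pulls a view helper module into the controller solely to reach `budget_published?`, which couples the authorization decision to view code. Consider defining the predicate on the Budget model (for example `@budget.published?`, or a method that also takes the current user into account) so the rule lives with the data and can be unit-tested without a controller; the helper can then delegate to it for the views.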
@@ -9,6 +10,7 @@ class BudgetsController < ApplicationController
respond_to :html, :js
def show
raise ActionController::RoutingError, 'Not Found' unless budget_published?(@budget)
end
def index
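Review bot: the new check in `show` applies to every caller, admins included, so `budget_published?(@budget)` must itself exempt admins or the admin preview of a draft budget will now 404 as well; it is worth a request spec for the admin-on-unpublished case alongside the non-admin one. Also note that `load_and_authorize_resource` has already run and authorized `:show` before this line, so the 404 only masks budgets the user is otherwise permitted to see, and it is limited to `show`: any other action in this controller that loads a budget by id still reveals existence unless it gets the same guard, which argues for moving the raise into a `before_action` shared by those actions.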