WebRenderer::serveError leaks error details to end user
serveError is used in several places where an unexpected exception is caught. The
what() of this exception is then sent to the user.
We should not do this, at least not by default. Maybe we could allow the developer to turn it on for development, but normally the user should not get more information than "something went wrong", otherwise a malicious actor may be able to gain valuable information.