You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster. "
The problems, however, start when the browser is trying to access these files.
Problem #1. The FollowSymLinks option causes me an Internal Server Error because my hosting provider has disabled use of this directive. In my environment I know I can safely comment this line out just like I did in the main .htaccess file in the Drupal installation directory. This is because the FollowSymLinksIfOwnerMatch is enabled instead. One down, one to go.
Problem #2. The content of the .htaccess file is now effectively as follows:
If I comment out Options None, I can access the files as intended. This configuration change is, however, something that I am not going to do unless I know for sure that Apache is configured safely - I don't want to open my site for remote arbitrary code execution.