My current workaround involves sending separate keys called 'http_status_code' and 'http_status_message' in which I can define things myself. However, I would prefer that the calling party receives a custom 4xx code instead of a 200 code and looking up the actual status in the mentioned keys.
Indeed there is not a way to set custom HTTP response codes for API endpoints. Your approach of sending the information via returned keys is indeed the best option. You can post this on the Product Ideas board as well.