I’ve build a POC CDN that can support 401 Unauthorised / 402 Payment Required. It’s centralised, however can support custom domains. It uses NIP98 HTTP AUTH.
I have a local version that’s more advanced, but not yet ready to release. Mostly because I’m still working out a cross-compatible payment flow for lightning - something like LSAT, but with Nostr auth instead of receipts and cookies (which can be shared).