perf: perform password auth before checking UID.

On FreeBSD DevAuth was showing up as consuming ~10% of the time when doing big
camputs.  It disappears with this change. FreeBSD and Mac exec external
programs for localhost auth, so I imagine they'll both benefit.
On linux, checking the password in memory is (probably) still faster than
reading from /proc (which I'm assuming turns into a roundtrip
userland->kernel->userland which is nice to avoid).

Making the change to UserPass under the assumption the performance improvement
would be similar.  Untested/unprofiled though.

Change-Id: Idb7e888df6e9a36db0be671a44911e018eb7986e

pkg/auth/auth.go

@@ -203,10 +203,6 @@ type UserPass struct {
 }
 
 func (up *UserPass) AllowedAccess(req *http.Request) Operation {
-	if up.OrLocalhost && localhostAuthorized(req) {
-		return OpAll
-	}
-
 	user, pass, err := basicAuth(req)
 	if err != nil {
 		return 0
@@ -219,6 +215,11 @@ func (up *UserPass) AllowedAccess(req *http.Request) Operation {
 			return OpVivify
 		}
 	}
+
+	if up.OrLocalhost && localhostAuthorized(req) {
+		return OpAll
+	}
+
 	return 0
 }
 
@@ -256,12 +257,6 @@ type DevAuth struct {
 }
 
 func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
-	// First see if the local TCP port is owned by the same
-	// non-root user as this server.
-	if localhostAuthorized(req) {
-		return OpAll
-	}
-
 	_, pass, err := basicAuth(req)
 	if err != nil {
 		return 0
@@ -272,6 +267,14 @@ func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
 	if pass == da.VivifyPass {
 		return OpVivify
 	}
+
+	// See if the local TCP port is owned by the same non-root user as this
+	// server.  This check performed last as it may require reading from the
+	// kernel or exec'ing a program.
+	if localhostAuthorized(req) {
+		return OpAll
+	}
+
 	return 0
 }