cgi/actions.c, lib/client*.[ch]: Don't use priv connection to check passwd.

cgi/actions.c, lib/client*.[ch]: Don't use priv connection to check passwd.

If the CGI runs as the main `jukebox' user, then it can connect using
the special `.../private/socket', and the `find_server' function
arranges to do this if it can and no network address has been assigned
in the configuration.

The server doesn't bother to check passwords from clients on privileged
connections.  The result is that if the CGI program runs as the
`jukebox' user, its attempt to check the end-user's password through the
usual login machinery is stymied, since the library automatically sets
up a privileged connection and then the server ignores the password
entirely.  The end result is that, if you set things up in this way,
anyone can log into the CGI program with any known user and any password
at all, at which point they're given a cookie which can be used in
direct communication with the server.

Fix this as follows.

  * Introduce a new version (in the correct namespace for a change) of
    `find_server' which accepts some flags to guide the choice of server
    addresses.

  * Add a flag for the new `disorder_find_server' function to prevent
    trying the privileged socket.

  * Add a function to the client interface (and a bit of state to the
    client structure) to instruct the connection functions not to use a
    privileged connection even if they can.

  * Get the CGI program to use this new function when logging in with a
    password, so that it will always be checked.

Cookies are checked properly, even from privileged clients, so there's
nothing to fix there.