minor: refactor session create methods

[david-crespo]

There should be no functional changes here, though the internal error messages are now slightly different between saml login and local login, where before they were the same. Ran into this while working #7339. This logic (which I wrote originally and shuffled around in #7374) never really made sense, and I figured it's good prep for #7818 and friends to clean it up.

The core of the change here is updating two existing functions that returned Result<Option<User>, Error> to just return Result<User, Error> and move the logic about what we do when the user was None inside each function. In both cases, when the user was None we ended up with an Error::Unauthenticated anyway, so we can just do that a moment earlier and eliminate a lot of misdirection.

[david-crespo]

looking up the user by ID when either have the DB model on hand or we don't at the call site makes no sense unless we're trying to rule out the user being deleted in the 1ms between the retrieval and now

[david-crespo]

I traced this waaaay back, and when this was added, there was only spoof login and the user_id was hard-coded. I am confident it is no longer applicable. The methods used to authenticate users for local and SAML login both do the user lookup themselves.

omicron/nexus/src/external_api/console_api.rs

Lines 48 to 70 in 9d54805

	pub async fn spoof_login(
	rqctx: Arc<RequestContext<Arc<ServerContext>>>,
	params: TypedBody<LoginParams>,
	) -> Result<Response<Body>, HttpError> {
	let apictx = rqctx.context();
	let nexus = &apictx.nexus;
	let params = params.into_inner();
	let user_id: Option<Uuid> = match params.username.as_str() {
	"privileged" => Some(USER_TEST_PRIVILEGED.id),
	"unprivileged" => Some(USER_TEST_UNPRIVILEGED.id),
	_ => None,
	};
	if user_id.is_none() {
	return Ok(Response::builder()
	.status(StatusCode::UNAUTHORIZED)
	.header(header::SET_COOKIE, clear_session_cookie_header_value())
	.body("".into())?); // TODO: failed login response body?
	}
	let user_id = user_id.unwrap();
	let session = nexus.session_create(user_id).await?;

[david-crespo]

This diff is annoying due to indentation changes, but the only actual change here was changing return Ok(None); to this. The end result is the same as before because this None was being converted to the error in the now-deleted create_session method. Now the logic is a lot clearer.

[david-crespo]

I'm pretty confident but I would appreciate a very quick look @jmpesp since you wrote this way back in #1358.

[david-crespo]

This was the other helper function. Instead of returning Ok(None) on auth failure and converting that to the error in the calling code, we return the appropriate error directly.