MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin

Revert the side effect of 7c40996cc8.
Do not convert password hash to its binary representation when a user
entry is loaded. Do it lazily on the first authenticatation attempt.

As a collateral - force all authentication plugins to follow the
protocol and read_packet at least once before accessing info->username
(username is not available before first client handshake packet is read).

Fix PAM and GSSAPI plugins to behave.

plugin/auth_gssapi/sspi_server.cc

@@ -140,7 +140,7 @@ static int get_client_name_from_context(CtxtHandle *ctxt,
 }
 
 
-int auth_server(MYSQL_PLUGIN_VIO *vio, const char *user, size_t user_len, int compare_full_name)
+int auth_server(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *auth_info)
 {
   int ret;
   SECURITY_STATUS sspi_ret;
@@ -155,6 +155,8 @@ int auth_server(MYSQL_PLUGIN_VIO *vio, const char *user, size_t user_len, int co
   SecBuffer     outbuf;
   void*         out= NULL;
   char client_name[MYSQL_USERNAME_LENGTH + 1];
+  const char *user= 0;
+  int compare_full_name;
 
   ret= CR_ERROR;
   SecInvalidateHandle(&cred);
@@ -207,6 +209,19 @@ int auth_server(MYSQL_PLUGIN_VIO *vio, const char *user, size_t user_len, int co
       log_error(SEC_E_OK, "communication error(read)");
       goto cleanup;
     }
+    if (!user)
+    {
+      if (auth_info->auth_string_length > 0)
+      {
+        compare_full_name= 1;
+        user= auth_info->auth_string;
+      }
+      else
+      {
+        compare_full_name= 0;
+        user= auth_info->user_name;
+      }
+    }
     inbuf.cbBuffer= len;
     outbuf.cbBuffer= SSPI_MAX_TOKEN_SIZE;
     sspi_ret= AcceptSecurityContext(