socketio: Delete redundant authentication check

There's no need to perform an authentication check in the socket.io
middleware because `PadMessageHandler.handleMessage` calls
`SecurityManager.checkAccess` and that now performs authentication
and authorization checks.

This change also improves the user experience: Before, access denials
caused socket.io error events in the client, which `pad.js` mostly
ignores (the user doesn't see anything). Now a deny message is sent
back to the client, which causes `pad.js` to display an obvious
permission denied message.

This also fixes a minor bug: `settings.loadTest` is supposed to bypass
authentication and authorization checks, but they weren't bypassed
because `SecurityManager.checkAccess` did not check
`settings.loadTest`.
Richard Hansen 2020-10-03 17:52:10 -04:00 committed by John McLear
parent 3f8365a995
commit f7953ece85
3 changed files with 18 additions and 40 deletions


@ -60,15 +60,15 @@ exports.checkAccess = async function(padID, sessionCookie, token, password, user
let canCreate = !settings.editOnly;
if (settings.requireAuthentication) {
// Make sure the user has authenticated if authentication is required. The caller should have
// already performed this check, but it is repeated here just in case.
// Authentication and authorization checks.
if (settings.loadTest) {
console.warn(
'bypassing socket.io authentication and authorization checks due to settings.loadTest');
} else if (settings.requireAuthentication) {
if (userSettings == null) {
authLogger.debug('access denied: authentication is required');
return DENY;
}
// Check whether the user is authorized to create the pad if it doesn't exist.
if (userSettings.canCreate != null && !userSettings.canCreate) canCreate = false;
if (userSettings.readOnly) canCreate = false;
// Note: userSettings.padAuthorizations should still be populated even if
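Review bot: the `console.warn` in the new `settings.loadTest` branch sits inside `exports.checkAccess`, so it fires on every access check, and during a load test that is exactly the hot path; consider emitting this warning once at startup (or routing it through `authLogger` at a lower level) so the bypass stays visible without flooding the logs. Also, now that the socket.io middleware check is gone and `checkAccess` is the sole gate, the message text `'bypassing socket.io authentication and authorization checks due to settings.loadTest'` would be more accurate if it named `SecurityManager.checkAccess` as the check being bypassed, and the old "caller should have already performed this check" comment is correctly dropped since there is no longer a prior caller-side check to rely on.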