logind: avoid shadow lookups when doing userdb client side

logind: avoid shadow lookups when doing userdb client side

Let's not trigger MACs needlessly.

Ideally everybody would turn on userdb, but if people insist in not
doing so, then let's not attempt to open shadow.

It's a bit ugly to implement this, since shadow information is more than
just passwords (but accound validity metadata), and thus userdb's own
"privieleged" scheme is orthogonal to this, but let's still do this for
the client side.

Fixes: #15105
(cherry picked from commit b062ca616c778358d4da008a2950615fac74aa24)

Gbp-Pq: Name logind-avoid-shadow-lookups-when-doing-userdb-client-side.patch