don't leak the existence of gotd repositories to unrelated user accounts In particular, this prevents anonymous user accounts from discovering the existence of other private repositories served by gotd by correctly guessing the name of a private repository. They still wouldn't have read or write access but in some cases even knowledge about the existence of a particular repository could be cause for concern. ok op@

prevent spurious failure of gotd test_clone_basic_access_denied Filter output for a single error message to avoid spurious test failures which result from output appearing in an unexpected order: test_clone_basic_access_denied --- /tmp/gotd-test-clone_basic_access_denied-IkTXPlX5FH/stderr.expected ... +++ /tmp/gotd-test-clone_basic_access_denied-IkTXPlX5FH/stderr ... @@ -1,2 +1,2 @@ -got-fetch-pack: test-repo: Permission denied got: fetch failed +got-fetch-pack: test-repo: Permission denied test failed; leaving test data in /tmp/gotd-test-clone_basic_access_denied-IkTXPlX5FH

fix spurious gotd regress failures caused by fixing gotsh echo_error()

fix group membership check in gotd auth ok op@