fix: enforce deny if present for implicit permissions (#11680)

Implicit permissions for any user is to be allowed to
change their own password, we need to restrict this
further even if there is an implicit allow for this
scenario - we have to honor Deny statements if they
are specified.

cmd/logger/logger.go

@@ -72,9 +72,7 @@ var matchingFuncNames = [...]string{
 	"cmd.(*webAPIHandlers).ListObjects",
 	"cmd.(*webAPIHandlers).RemoveObject",
 	"cmd.(*webAPIHandlers).Login",
-	"cmd.(*webAPIHandlers).GenerateAuth",
 	"cmd.(*webAPIHandlers).SetAuth",
-	"cmd.(*webAPIHandlers).GetAuth",
 	"cmd.(*webAPIHandlers).CreateURLToken",
 	"cmd.(*webAPIHandlers).Upload",
 	"cmd.(*webAPIHandlers).Download",