The prior implementation involved some (moderately awkward) layered
`match` expressions; this version skips those in favor of `?`. The cost
is a little less detail about (for example) when serialization errors
happen. On the bright side, it gains us some huge improvements in code
clarity. We might be able to get back the tracing later, with other
library support.
In addition, we know have a couple tests: one to make sure we choose the
authentication method appropriately, and a very basic handshake test for
when we're not actually negotiation a username and password.
