clarify CR_OK_HANDSHAKE_COMPLETE

it's for client auth plugins only, server auth plugin should never
return it, because they cannot send a correct OK packet.
(OK packet is quite complex and carries a lot of information that
only the server knows)

include/mysql/plugin_auth_common.h

@@ -85,6 +85,8 @@
   authentication protocol is not known in advance, and the client plugin
   needs to read one packet more to determine if the authentication is finished
   or not.
+
+  Server plugins should not return this value.
 */
 #define CR_OK_HANDSHAKE_COMPLETE -2
 

sql/sql_acl.cc

@@ -14844,10 +14844,7 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
     sctx->external_user= my_strdup(key_memory_MPVIO_EXT_auth_info,
                                    mpvio.auth_info.external_user, MYF(0));
 
-  if (res == CR_OK_HANDSHAKE_COMPLETE)
-    thd->get_stmt_da()->disable_status();
-  else
-    my_ok(thd);
+  my_ok(thd);
 
   PSI_CALL_set_thread_account
     (thd->main_security_ctx.user, static_cast<uint>(strlen(thd->main_security_ctx.user)),