fix(auth): API login for Zope root acl_users user

The Plone login handling code depends on the user's password being at the same place in
the request as the classic Plone login form puts it in order to set the correct
authentication cookie.  Without it, when logging in via the Volto UI component as a user
from the Zope root `acl_users` (e.g. `admin` or `SITE_OWNER_NAME`), they aren't logged
into Plone classic.  The other direction is fine, logging in as `admin` to Plone classic
results in a new request to the Volto UI being logged in.  Fix that edge case by
mimicking the request keys of the login form after parsing the login POST JSON body.

news/1303.feature

@@ -0,0 +1,2 @@
+Logging in to or out of Plone classic or the API does the same in the other.
+[rpatterson]

src/plone/restapi/services/auth/login.py

@@ -28,8 +28,10 @@ def reply(self):
         if "IDisableCSRFProtection" in dir(plone.protect.interfaces):
             alsoProvides(self.request, plone.protect.interfaces.IDisableCSRFProtection)
 
-        userid = data["login"]
-        password = data["password"]
+        # Also add credentials to the request for other code that depends on it.  In
+        # particular, the PAS cookie authentication plugin depends on `__ac_password`.
+        userid = self.request.form["__ac_name"] = data["login"]
+        password = self.request.form["__ac_password"] = data["password"]
         uf = self._find_userfolder(userid)
 
         if uf is not None: