[security] ensure gid != 0 if server.username set (fixes #2725)

server.username can not be root or 0.
server.groupname can not be root or 0.

If server.username is set, previous behavior might retain gid 0
if server.groupname was not set.

New behavior calls setgid() on server.username primary gid, and
then initgroups on server.username if server.username is set but
server.groupname is not set.

x-ref:
  "server.groupname not required with server.username"
  https://redmine.lighttpd.net/issues/2725

src/server.c

@@ -1020,6 +1020,14 @@ int main (int argc, char **argv) {
 
 #ifdef HAVE_PWD_H
 		/* set user and group */
+		if (!buffer_string_is_empty(srv->srvconf.groupname)) {
+			if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) {
+				log_error_write(srv, __FILE__, __LINE__, "sb",
+					"can't find groupname", srv->srvconf.groupname);
+				return -1;
+			}
+		}
+
 		if (!buffer_string_is_empty(srv->srvconf.username)) {
 			if (NULL == (pwd = getpwnam(srv->srvconf.username->ptr))) {
 				log_error_write(srv, __FILE__, __LINE__, "sb",
@@ -1032,14 +1040,15 @@ int main (int argc, char **argv) {
 						"I will not set uid to 0\n");
 				return -1;
 			}
-		}
 
-		if (!buffer_string_is_empty(srv->srvconf.groupname)) {
-			if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) {
-				log_error_write(srv, __FILE__, __LINE__, "sb",
-					"can't find groupname", srv->srvconf.groupname);
+			if (NULL == grp && NULL == (grp = getgrgid(pwd->pw_gid))) {
+				log_error_write(srv, __FILE__, __LINE__, "sd",
+					"can't find group id", pwd->pw_gid);
 				return -1;
 			}
+		}
+
+		if (NULL != grp) {
 			if (grp->gr_gid == 0) {
 				log_error_write(srv, __FILE__, __LINE__, "s",
 						"I will not set gid to 0\n");