drive: use secret token to authenticate access to file server on localhost

This prevents Mark-of-the-Web bypass attacks in case someone visits the
localhost WebDAV server directly.

Fixes tailscale/corp#19592

Signed-off-by: Percy Wegmann <[email protected]>

drive/driveimpl/fileserver.go

@@ -48,7 +48,6 @@ func NewFileServer() (*FileServer, error) {
 	if err != nil {
 		return nil, fmt.Errorf("listen: %w", err)
 	}
-	// }
 
 	secretToken, err := generateSecretToken()
 	if err != nil {