Oops, fix bug for authorizing the NeoPass disconnect endpoint

Ahh right, in development `User` and `AuthUser` will have the same ID,
but that got messed up early on for us in production DTI 😅

Here, we switch the form to reference the `User` instead of the
`AuthUser` (to get the ID right), then we also change how we compare
the IDs, because `User#to_param` appends extra text onto the ID after
the number!

app/controllers/neopass_connections_controller.rb

@@ -23,7 +23,7 @@ class NeopassConnectionsController < ApplicationController
 		# the provided user ID matches. The user ID param is only really for REST
 		# semantics and such!
 		raise AccessDenied unless user_signed_in?
-		raise AccessDenied unless current_user.id.to_s == params[:user_id]
+		raise AccessDenied unless current_user.id == params[:user_id].to_i
 		current_user
 	end
 end

app/views/devise/registrations/edit.html.erb

@@ -53,7 +53,7 @@
 <% end %>
 
 <% if resource.neopass? %>
-  <%= form_with url: user_neopass_connection_path(resource), method: :delete,
+  <%= form_with url: user_neopass_connection_path(resource.user), method: :delete,
       class: "settings-form", data: {
         turbo_confirm: "Are you sure? Without a NeoPass, you'll need to use " +
           "your password or your recovery email \"#{resource.email}\" to " +