return EPERM, not EINVAL, when GP gateways reject the cookie upon get-config or GET...

return EPERM, not EINVAL, when GP gateways reject the cookie upon get-config or GET-tunnel

Tested against 2 real GlobalProtect gateway servers, which both exhibit
these error behaviors:

1. 'GET /ssl-vpn/config' with bogus 'portal' field in cookie
   => XML error "Portal name not found"
2. 'GET /ssl-vpn/config' with 'user', 'authcookie', or 'portal' fields missing from cookie
   => HTTP/1.1 200, plaintext "errors getting SSL/VPN config"
3. 'GET /ssl-vpn-tunnel' with bogus 'user' or 'authcookie'
   => HTTP/1.1 504 (Gateway Timeout)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>