Clear thread-local even if an error is thrown

[amomchilov]

trafficstars

If the operation() throws an error, this clean-up won't happen.

Since this thread-local will stick around, subsequent calls to ClientIdentity.current will be incorrect. This would let effectiveUserID/effectivegroupID/code be called and return stale values, rather than fatalError()ing as intended.

I can't think of any immediate way to exploit this, but it's still best to just always clean it up.