net: log auth errors at WARN level

& with a message that distinguishes auth failures
from general errors.

This improves log hygiene on internet-facing clusters that
will typically receive malformed probing connections from
time to time.

src/v/net/connection.cc

@@ -95,6 +95,18 @@ std::optional<ss::sstring> is_disconnect_exception(std::exception_ptr e) {
     return std::nullopt;
 }
 
+bool is_auth_error(std::exception_ptr e) {
+    try {
+        rethrow_exception(e);
+    } catch (const authentication_exception& e) {
+        return true;
+    } catch (...) {
+        return false;
+    }
+
+    __builtin_unreachable();
+}
+
 connection::connection(
   boost::intrusive::list<connection>& hook,
   ss::sstring name,

src/v/net/connection.h

@@ -31,6 +31,8 @@ namespace net {
 bool is_reconnect_error(const std::system_error& e);
 std::optional<ss::sstring> is_disconnect_exception(std::exception_ptr);
 
+bool is_auth_error(std::exception_ptr);
+
 class connection : public boost::intrusive::list_base_hook<> {
 public:
     connection(

src/v/net/server.cc

@@ -116,7 +116,20 @@ static inline void print_exceptional_future(
     auto disconnected = is_disconnect_exception(ex);
 
     if (!disconnected) {
-        vlog(log.error, "Error[{}] remote address: {} - {}", ctx, address, ex);
+        if (is_auth_error(ex)) {
+            vlog(
+              log.warn,
+              "Authentication Failure[{}] remote address: {} - {}",
+              ctx,
+              address,
+              ex);
+        } else {
+            // Authentication exceptions are logged at WARN, not ERROR, because
+            // they generally point to a misbehaving client rather than a fault
+            // in the server.
+            vlog(
+              log.error, "Error[{}] remote address: {} - {}", ctx, address, ex);
+        }
     } else {
         vlog(
           log.info,