Move security_check() to new_session()

[troglobit]

When starting up, uftpd usually has all privileges. We do a security check to see if the
FTP root is writable, but that should arguably be done after having dropped privileges,
while serving incoming requests.