- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Server Security
- Fully Compatible
- ALL
- v8.2, v8.0, v7.0
- Server Security 2025-09-12
- (copied to CRM)
Context:
There is an inconsistency in audit logging for failed password authentication attempts. When using mongosh, authentication failures due to incorrect passwords (which fail during the SaslContinue phase with "storedKey mismatch") are not being logged to the audit log.
However, the same scenario works correctly with the legacy mongo shell (it logs with result code 18). Other authentication results, such as successful logins and invalid usernames, are properly audited when using mongosh.
We should also investigate why SERVER-96269 did not fix it.
Investigation:
In markFailed we were checking whether _lastStep == SaslContinue, expecting that it had been updated when doStep failed. However, _lastStep does not get updated until the guard destructor call happens, which is after markFailed and doStep finish.
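The ordering problem from the investigation, as an added C++ sketch that is not MongoDB's code: the names markFailed, doStep and _lastStep come from the ticket, while the AuthSession class, the ScopeGuard helper and the "pass the current step explicitly" correction are assumptions made for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

// Simplified model, NOT MongoDB source. Names follow the ticket; bodies are assumed.
enum class Step { kNone, kSaslStart, kSaslContinue };

struct ScopeGuard {  // runs fn when the enclosing scope exits
    std::function<void()> fn;
    ~ScopeGuard() { fn(); }
};

class AuthSession {
public:
    explicit AuthSession(bool passStepExplicitly) : _fixed(passStepExplicitly) {}
    // ok == false models a step that fails, e.g. with "storedKey mismatch".
    bool doStep(Step step, bool ok) {
        ScopeGuard updateLastStep{[this, step] { _lastStep = step; }};
        if (!ok) {
            // Buggy path reads _lastStep, which still names the PREVIOUS step
            // because the guard above has not run yet.
            markFailed(_fixed ? step : _lastStep);
            return false;
        }
        return true;
    }  // guard destructor runs here, after markFailed has returned
    std::vector<std::string> auditLog;  // stand-in for the audit log

private:
    void markFailed(Step failedStep) {
        if (failedStep == Step::kSaslContinue)
            auditLog.push_back("authenticate result=18");  // constructed record
    }
    bool _fixed;
    Step _lastStep = Step::kNone;
};

// Wrong-password login: SaslStart succeeds, the first SaslContinue fails.
std::size_t auditEntriesForBadPassword(bool passStepExplicitly) {
    AuthSession s(passStepExplicitly);
    s.doStep(Step::kSaslStart, true);
    s.doStep(Step::kSaslContinue, false);
    return s.auditLog.size();
}

int main() {
    std::printf("stale _lastStep: %zu audit entries\n", auditEntriesForBadPassword(false));
    std::printf("explicit step:   %zu audit entries\n", auditEntriesForBadPassword(true));
}
```

A regression test for this class of bug should assert on the audit record itself for a failed SaslContinue, not only on the authentication result returned to the client.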
- is related to: SERVER-96269 Modify speculative authentication auditing (Closed)
- related to: SERVER-96269 Modify speculative authentication auditing (Closed)