short version: you need libauth in Go (or start the go9p client/server by C programs that do the auth).
9P facilitates authentication (but doesn't define or dictate the method). intro(5), auth(2) and factotum(4) will be helpful. basically Tauth is used to request a fid to negotiate authentication (a.k.a. afid). Tread's/Twrite's to afid are proxy-delivered to the factotums (authentication agents) of the sever and of the client by each side. once server's factotum is convinced, the server is granted the system privilege to change its process id to the authenticated user. the client attaches (Tattach) to the server's namespace by providing the afid in addition to other parameters. tools like 'ramfs -D' and aux/9pcon are very handy for watching 9P in action.
i'm copying to 9fans; it might be a better place to continue.