It seems that the solution to accepting users from localhost is to create a copy of the user with @'localhost' (in addition to user@'%'). I'm trying very hard to understand the logic here, because it seems kind of bat-nuts crazy that the 'any host' wildcard, '%', wouldn't also accept localhost connections. Creating a second user isn't very practical when dealing with a large number of users. If a user changes their own password, it would then leave the other one unaffected.
Is there any sort of workaround to allowing user@'%' to accept localhost connections?