The second line is pointless, the first three columns are compared against the incoming connection host/user/dbname to find out how authentication should be handled. The first match wins. So for every local connection peer, and only peer, is going to be used since everything matches all/all.
There is no way to give a user a choice of how to authenticate. There will be one accepted option for a given set of connection values.