mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 12:02:47 -05:00

HTTP proxy: correctly handle multiple auth headers.

This is a piece I forgot in the initial implementation of HTTP Digest:
an HTTP server can send _more than one_ authentication request header
(WWW-Authenticate for normal servers, Proxy-Authenticate for proxies),
and if it does, they're supposed to be treated as alternatives to each
other, so that the client chooses one to reply to.

I suppose that technically we were 'complying' with that spec already,
in that HttpProxyNegotiator would have read each new header and
overwritten all the fields set by the previous one, so we'd always
have gone with the last header presented by the server. But that seems
inelegant: better to choose the one we actually like best.

So now we do that. All the details of an auth header are moved out of
the main HttpProxyNegotiator struct into a sub-struct we can have
multiple copies of. Each new header is parsed into a fresh struct of
that kind, and then we can compare it with the previous one and decide
which we prefer.

The preference order, naturally, is 'more secure is better': Digest
beats Basic, and between two Digest headers, SHA-256 beats MD5. (And
anything beats a header we can't make sense of at all.)

Another side effect of this change is that a 407 response which
contains _no_ Proxy-Authenticate headers will trigger an error message
saying so, instead of just going with whatever happened to be left in
the relevant variables from the previous attempt.
Simon Tatham
2021-12-21 09:35:13 +00:00
parent 99aac9c4f4
commit ce1774282c
2 changed files with 249 additions and 150 deletions
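
The preference order described in the commit message, as an added sketch that is not PuTTY's code: each header value is ranked and the highest rank wins, with -1 returned when a 407 carried no header at all. The names `auth_rank`, `rank_challenge` and `choose_challenge` are hypothetical; the sketch assumes one challenge per header value and treats any Digest algorithm other than MD5 or SHA-256 as a header it cannot make sense of.

```c
#include <string.h>
#include <strings.h>                 /* strncasecmp (POSIX) */

/* Hypothetical ranks, least to most preferred; not PuTTY's identifiers. */
typedef enum { AUTH_NONE, AUTH_UNKNOWN, AUTH_BASIC, AUTH_MD5, AUTH_SHA256 } auth_rank;

static int word_is(const char *s, size_t len, const char *name) {
    return len == strlen(name) && strncasecmp(s, name, len) == 0;
}

/* Rank one challenge; assumes no spaces around '=' and no escaped quotes. */
auth_rank rank_challenge(const char *p) {
    size_t n = strcspn(p, " ");
    if (word_is(p, n, "Basic")) return AUTH_BASIC;
    if (!word_is(p, n, "Digest")) return AUTH_UNKNOWN;
    auth_rank rank = AUTH_MD5;           /* RFC 7616: no algorithm means MD5 */
    for (p += n; p += strspn(p, " ,"), *p; ) {
        const char *key = p, *val;
        size_t klen = strcspn(p, "="), vlen;
        if (p[klen] != '=') return AUTH_UNKNOWN;     /* malformed parameter */
        int quoted = (p[klen + 1] == '"');
        val = p += klen + 1 + quoted;
        vlen = strcspn(p, quoted ? "\"" : ", ");
        p += vlen + (quoted && p[vlen] == '"');      /* step past closing quote */
        if (!word_is(key, klen, "algorithm")) continue;
        if (word_is(val, vlen, "SHA-256")) rank = AUTH_SHA256;
        else if (!word_is(val, vlen, "MD5")) return AUTH_UNKNOWN;
    }
    return rank;
}

/* Index of the preferred header, or -1 when the 407 carried none. */
int choose_challenge(const char *const *hdrs, int n) {
    int idx = -1;
    auth_rank best = AUTH_NONE;
    for (int i = 0; i < n; i++) {
        auth_rank r = rank_challenge(hdrs[i]);
        if (r > best) { best = r; idx = i; }
    }
    return idx;
}

int main(void) {
    /* Constructed sample: Basic offered first, Digest SHA-256 second. */
    const char *h[] = { "Basic realm=\"p\"",
                        "Digest realm=\"p\", nonce=\"n\", algorithm=SHA-256" };
    return choose_challenge(h, 2) == 1 ? 0 : 1;    /* exit 0 if Digest wins */
}
```

Because parameters are walked one at a time, the text `algorithm=SHA-256` inside a quoted realm does not raise a header's rank.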

@ -73,6 +73,9 @@ extern const bool http_digest_available;
* - algorithm to use for computing it (as a const ssh_hashalg *)
* - length to truncate the output to
* - whether we accept it in http.c or not.
*
* Finally, the ordering of the accepted hashes is our preference
* order among them if the server offers a choice.
*/
#define HTTP_DIGEST_HASHES(X) \
X(HTTP_DIGEST_MD5, "MD5", &ssh_md5, 128, true) \
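
Review bot: the added comment sentence ("the ordering of the accepted hashes is our preference order among them") does not say which direction the order runs. HTTP_DIGEST_MD5 is the first entry of HTTP_DIGEST_HASHES, while the commit message says SHA-256 beats MD5, so a reader who assumes "first is best" gets the opposite of the intended result. Please state the direction in the comment (for example "later entries are preferred", if that is the intent). Since list position now carries a security decision, it is also worth noting there that a new hash has to be inserted at the position matching its strength, not simply appended wherever is convenient.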