Bug 3643: NTLM helpers stuck in reserved state by Safari

Bug 3643: NTLM helpers stuck in reserved state by Safari

NTLM failures are not always cleaning up connection-auth credentials
properly. In particular they are not releasing the NTLM helpers when
the connection is closed between challenge and handshake completion.
Resulting in permanently reserved helpers locking up all access
through the proxy.

This change redesigns the connection authentication state management
to move the auth link/unlink operations into the connection state
manager objects instead of being managed by NTLM auth components.
As a result we are able to manage credentials from any auth scheme
consistently and terminate the connection properly on several
error conditions which the auth components are not easily aware of.

 Fix sponsored by Netbox Blue Pty (http://netboxblue.com/)