The auth forwarding special cases had grown a bit hairy with a lot
of duplicated code between WWW-Auth and Proxy-Auth and far from trivial
to follow code logics.
This change breaks this logic out to a separate function shared
in both modes, selecing mode based on type of peer.
Also moves PROXYPASS back into the land of undocumented features. This
is a feature which most would only get confused by and which can cause
significant security issues if used wrongly.