Fix coredump bug when auth header contains invalid characters

Fix coredump bug when auth header contains invalid characters

Apologies for the previous empty commit message.  Here is what
should have been there.

When a Proxy-Authorization header contains invalid characters (ie
NL or CR), BasicUser::extractUsername will emit an error message
and the username will not be set.  However, extractPassword was
also being called and it does not check for funny characters in the
cleartext string.  Thus passwd was being set.  BasicUser::valid was
returning true because it only looked at the passwd.

This bugfix has three components:

1) BasicUser::valid now checks the username, as well as the password.

2) Moved the check for invalid characters to BasicUser::decodeCleartext,
   which now returns boolean.  We will not call extractUsername and
   extractPassword if decodeCleartext fails.

3) extractUsername was freeing the cleartext string, but not setting
   the pointer to NULL, thus causing a double-free in the BasicUser
   destructor.

NOTE that the previous commit left the invalid character check in
extractUsername, but I realized it fits better in decodeCleartext
while writing the commit message, which led to the empty log.