auth-token: Ensure tokens are always wiped on de-auth

auth-token: Ensure tokens are always wiped on de-auth

If tls_deauthenticate() was called, it could in some scenarios leave the
authentication token for a session in memory.  This change just ensures
auth-tokens are always wiped as soon as a TLS session is considered
broken.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170328205346.18844-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb)