The changes simplify the `req` method by moving the
authentication-related code into the API.
This makes it easy to add additional authentication methods.
The API introduces an `Authorizer` that acts as an
authenticator factory. The authentication flow itself
is divided down into `Authorize` and `Verify` steps in order
to encapsulate and control complex authentication challenges.
The default `NewAutoAuth` negotiates the algorithms.
Under the hood, it creates an authenticator shim per request,
which delegates the authentication flow to our authenticators.
The `NewEmptyAuth` and `NewPreemptiveAuth` authorizers
allow you to have more control over algorithms and resources.
The API also allows interception of the redirect mechanism by setting
the `XInhibitRedirect` header.
This closes: #15#24#38
Christoph Polcin
yyeltsyn
Jarek Kowalski
Christoph Polcin
Vitalii
David