CouchDB / COUCHDB-1607

cookie_authentication_handler does not properly handle AuthSession signatures starting with ":" character(s)

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.2
    • 1.3
    • None
    • None
    • Regular Contributors Level (Easy to Medium)

    Description

      AuthSession cookies will intermittently "break" — a user will have a perfectly valid session, but suddenly after their cookie gets refreshed they can randomly get "logged out" for practical purposes.

      The cause is that Erlang's `string:tokens` behaviour does not act as this code expects:
      https://github.com/apache/couchdb/blob/7d4181346626c0cdb50b44f7e5e33435a8ccae0f/src/couchdb/couch_httpd_auth.erl#L163
      https://github.com/apache/couchdb/blob/7d4181346626c0cdb50b44f7e5e33435a8ccae0f/src/couchdb/couch_httpd_auth.erl#L183

      After evaluating `[A,B | C] = string:tokens("a:b::c:d", ":").` the value of C is not `["","c","d"]` but rather `["c","d"]`. So when rejoined, the signature becomes "c:d" instead of the original ":c:d"!

      It appears that using `re:split/2` would avoid this problem, but it yields a list/array result containing `<<"">>` instead of `""` types, which `string:join` does not like. It should be a pretty quick fix, though, for someone who knows just a bit more of the Erlang way.
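      To make the mismatch concrete, here is an added Erlang example (not CouchDB's own code) that contrasts `string:tokens/2` with `re:split/3` limited to three parts on the report's sample value; the module and function names are assumptions.

```erlang
%% auth_session_split.erl
%% Added illustration (not CouchDB code): why string:tokens/2 corrupts an
%% AuthSession value whose third field starts with ':', and a split that
%% keeps it intact. Module and function names are assumptions.
-module(auth_session_split).
-export([tokens_split/1, parts_split/1, demo/0]).

%% The pattern the report describes: string:tokens/2 treats any run of
%% separators as a single separator, so the empty token in front of
%% ":c:d" vanishes and rejoining the tail yields "c:d".
tokens_split(Session) ->
    [User, TimeStr | HashParts] = string:tokens(Session, ":"),
    {User, TimeStr, string:join(HashParts, ":")}.

%% Split into at most three parts: the third element is the untouched
%% remainder of the string, so a leading ':' in the signature survives.
%% {return, list} returns strings rather than binaries, which avoids the
%% <<"">> vs "" mismatch mentioned in the report.
parts_split(Session) ->
    [User, TimeStr, Hash] = re:split(Session, ":", [{return, list}, {parts, 3}]),
    {User, TimeStr, Hash}.

%% Constructed sample taken from the report; a real session value is the
%% base64url-decoded AuthSession cookie.
demo() ->
    Session = "a:b::c:d",
    io:format("string:tokens -> ~p~n", [tokens_split(Session)]),
    io:format("re:split      -> ~p~n", [parts_split(Session)]),
    %% true: the two strategies disagree on the signature field
    tokens_split(Session) =/= parts_split(Session).
```

      Compile and run with `erlc auth_session_split.erl && erl -noshell -s auth_session_split demo -s init stop`.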


          People

            Assignee: Unassigned
            Reporter: natevw (Nathan Vander Wilt)
            Votes: 0
            Watchers: 3
