Details
Improvement
Status: Open
Major
Resolution: Unresolved
Description
As per RFC7230, HTTP authentication does support using multiple schemes in a single Authorization header. Our current implementations do not seem to support this; namely the libprocess basic authenticator does assume a single scheme.
The above RFC also says explicitly that we must never have multiple Authorization headers in the same request but must combine them.
RFC2617 then has additional information on how to properly react upon multiple authentication schemes (also via proxy auth).