Explicit handling of DIGEST-MD5 vs GSSAPI in quorum auth

The SASL-based quorum authorizer does not explicitly distinguish between the DIGEST-MD5 and GSSAPI mechanisms: it is simply relying on NameCallback and PasswordCallback for authentication with the former and examining Kerberos principals in AuthorizeCallback for the latter.

It turns out that some SASL/DIGEST-MD5 configurations cause authentication and authorization IDs not to match the expected format, and the DIGEST-MD5-based portions of the quorum test suite to fail with obscure errors. (They can be traced to failures to join the quorum, but only by looking into detailed logs.)

We can use the login module name to determine whether DIGEST-MD5 or GSSAPI is used, and relax the authentication ID check for the former. As a cleanup, we can keep the password-based credential map empty when Kerberos principals are expected. Finally, we can adapt tests to ensure "weirdly-shaped" credentials only cause authentication failures in the GSSAPI case.