Investigate authorization header null termination (MINOR)

[gary-archer]

This came up during the development of another plugin and is a code safety issue that only applies in particular circumstances. It was suggested that the code to form the introspection body does not need to be null terminated, and that header objects can be received as an ngx_str_t whose value does not require null termination. Therefore, do a small investigation to ensure that the plugin code follows best practices.