Basic Auth Filter should include `WWW-Authenticate` header in its 401 response

[zhaohuabing]

A server using HTTP authentication will respond with a 401 Unauthorized response to a request for a protected resource. This response must include at least one WWW-Authenticate header and at least one challenge, to indicate what authentication schemes can be used to access the resource (and any additional data that each particular scheme needs).

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate

[phlax]

cc @wbpcode

[wbpcode]

SGTM.