fix: report more unrecoverable errors during SASL authentication

[faec]

Several types of unrecoverable connection / authentication failure are not recognized as unrecoverable, and result in retrying all brokers and falling back on "client has run out of brokers to talk to" after they all fail. The errors that can cause this include unsupported SASL mechanisms, TLS versions, and ciphers, as well as invalid broker certificates and bad connection protocols. This PR adds additional error types and recognizes them as unrecoverable, so they are reported immediately to the client's error channel instead of only within Sarama's debug output.

This is based on a similar PR in Elastic's vendored Sarama, based on confusion we were seeing with the "run out of brokers to talk to" message.

[dnwe]

@faec thanks for taking the time to send these fixes over, it's much appreciated!

The only one I'm not sure about is the old workaround for Azure's OffsetFetchResponse behaviour, as I was thinking we should probably just stick to Kafka's expected protocol in that respect.

I thought this had been fixed upstream (based on the previous chat on https://github.com/Shopify/sarama/issues/1540) — do you happen to know if this is still regressing and re-occurring in the wild?

[faec]

Oh, that test was my mistake! That must have been leftover in my local directory and got re-added when I made the upstream patch.

[github-actions[bot]]

Thank you for your contribution! However, this pull request has not had any activity in the past 90 days and will be closed in 30 days if no updates occur. If you believe the changes are still valid then please verify your branch has no conflicts with main and rebase if needed. If you are awaiting a (re-)review then please let us know.