trafficserver

Fix s-maxage not respected with Authorization headers

Open bneradt opened this issue 1 month ago • 0 comments

According to RFC 7234 section 3.2, a shared cache can serve cached responses to requests with Authorization headers if the response contains one of the following Cache-Control directives: must-revalidate, proxy-revalidate, public, or s-maxage. The implementation was missing the check for s-maxage, causing requests with Authorization headers to always bypass the cache even when s-maxage was present in the cached response.

This commit adds the missing check for s-maxage in the AuthenticationNeeded() function and includes comprehensive tests to verify the fix and prevent regression.

Fixes: #7227

bneradt, Nov 17 '25 20:11
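
The Authorization gate described in the commit message, as an added C++ example that is not Traffic Server's code: `directive_names` and `shared_cache_may_reuse` are hypothetical names, and the directive list is the one the commit message gives. Matching is on whole directive names, so `max-age` or an extension such as `x-s-maxage` does not pass for `s-maxage`.

```cpp
#include <cctype>
#include <initializer_list>
#include <iostream>
#include <set>
#include <string>

// Split a Cache-Control value into lowercase directive names, dropping "=value".
// Simplification: commas inside quoted-string arguments are not handled.
static std::set<std::string> directive_names(const std::string &cache_control)
{
  std::set<std::string> names;
  for (std::size_t pos = 0; pos <= cache_control.size();) {
    std::size_t comma = cache_control.find(',', pos);
    if (comma == std::string::npos) comma = cache_control.size();
    std::string item = cache_control.substr(pos, comma - pos);
    item = item.substr(0, item.find('=')); // keep only the directive name
    std::string name;
    for (unsigned char c : item)
      if (!std::isspace(c)) name += static_cast<char>(std::tolower(c));
    if (!name.empty()) names.insert(name);
    pos = comma + 1;
  }
  return names;
}

// Authorization gate only: freshness, no-store, private, etc. are separate checks.
// check_s_maxage=false reproduces the behaviour the commit message describes as the bug.
bool shared_cache_may_reuse(bool request_has_authorization,
                            const std::string &response_cache_control,
                            bool check_s_maxage = true)
{
  if (!request_has_authorization) return true; // gate does not apply
  const std::set<std::string> names = directive_names(response_cache_control);
  // Directive list as given in the commit message above.
  for (const char *d : {"must-revalidate", "proxy-revalidate", "public"})
    if (names.count(d)) return true;
  return check_s_maxage && names.count("s-maxage") > 0;
}

int main()
{
  // Constructed sample header values.
  for (const char *cc : {"s-maxage=600", "max-age=600", "x-s-maxage=600", "Max-Age=60, S-MaxAge = 30"})
    std::cout << cc << " -> fixed=" << shared_cache_may_reuse(true, cc)
              << " before=" << shared_cache_may_reuse(true, cc, false) << "\n";
}
```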