
Fix sensitive data leaking in Authentication

Open jagerman opened this issue 1 year ago • 0 comments

The current Authentication constructor has multiple points where a copy can get made: in the arguments themselves, in the intermediate concatenations, and in the potential need for the concatenation to copy itself during a memory reallocation.

An additional copy of the auth data could end up unwiped in the implicit move constructor/assignment (in particular when small string optimization applies to the value).

Any such copies end up potentially leaving the sensitive data behind in memory, undermining the changes in #776 that were trying to securely erase such sensitive data.

This commit avoids any such copies by:

  • changing Authentication to take std::string_views (instead of std::string) for username and password so that no copy of input will be done
  • properly reserving auth_string_ to its required size before building it
  • adding an explicit move constructor that resizes the moved-from auth string to capacity to ensure it gets erased when SSO applies
  • adding an explicit move assignment operator that wipes the current value before replacing it, and properly resizes the moved-from string to capacity to ensure it gets wiped when SSO applies

jagerman, Jun 21 '24 20:06
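The pattern the PR describes, as an added illustration that is not cpr's own code: a hypothetical AuthSecret class that takes string_views, reserves the final size once, and defines explicit move operations that resize the moved-from string to its capacity so the destructor's wipe also covers the SSO inline buffer. The class and function names are assumptions.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#include <utility>

// Overwrite n bytes through a volatile pointer so the compiler cannot drop the stores.
static void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) { *vp++ = 0; }
}

// Hypothetical stand-in for cpr's Authentication (not the library's own code).
class AuthSecret {
public:
    AuthSecret(std::string_view user, std::string_view pass) {
        // Reserve the final size up front: one allocation, no reallocation copies.
        auth_string_.reserve(user.size() + 1 + pass.size());
        auth_string_.append(user).append(1, ':').append(pass);
    }
    AuthSecret(const AuthSecret&) = delete;
    AuthSecret& operator=(const AuthSecret&) = delete;
    AuthSecret(AuthSecret&& other) noexcept : auth_string_(std::move(other.auth_string_)) {
        // Under SSO the moved-from string still owns its inline buffer; grow it to
        // capacity so the wipe in its destructor covers every byte it ever held.
        other.auth_string_.resize(other.auth_string_.capacity());
    }
    AuthSecret& operator=(AuthSecret&& other) noexcept {
        if (this != &other) {
            wipe();  // erase our current secret before it is replaced
            auth_string_ = std::move(other.auth_string_);
            other.auth_string_.resize(other.auth_string_.capacity());
        }
        return *this;
    }
    ~AuthSecret() { wipe(); }

    std::string_view value() const { return auth_string_; }
    std::size_t size() const { return auth_string_.size(); }
    std::size_t capacity() const { return auth_string_.capacity(); }

private:
    void wipe() {
        // Zero the whole allocation; size() alone would miss stale bytes past the end.
        auth_string_.resize(auth_string_.capacity());
        secure_wipe(auth_string_.data(), auth_string_.size());
        auth_string_.clear();
    }
    std::string auth_string_;
};
```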