ruby-net-ldap
Add explicit notes around password-less simple auth
Hi there,
The simple auth bind example does not show how unauthenticated bind success responses can happen. Many A/D servers are configured to return a successful bind when no password is supplied, as long as the username is correct. RFC 4513 §5.1.2 recommends only assuming an authenticated bind when the password sent was present (and improving the A/D server configuration).
At the risk of complicating the example I've created this pull request, please let me know how I can improve it!
Thanks, Pete
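As an added illustration of the gotcha described in this pull request (example code written here, not part of ruby-net-ldap or of the PR): the guard below refuses to send a simple bind at all when the password is nil or empty, which is the RFC 4513 §5.1.2 "unauthenticated bind" case. The connection object only needs Net::LDAP's `auth(username, password)` and `bind` methods; a constructed stand-in directory is used so the script runs offline, and the DN and password in it are made-up sample values.

```ruby
# Guarding a simple bind against the RFC 4513 section 5.1.2 "unauthenticated
# bind": a known DN plus an empty password, which many directories (Active
# Directory among them) answer with success. A login form that forwards
# whatever the user typed therefore accepts a blank password.

class EmptyPasswordError < StandardError; end

# Refuse to bind when the password is missing or zero-length. `conn` is any
# object with Net::LDAP's `auth(username, password)` and `bind` methods
# (assumption: a Net::LDAP instance fits; the stand-in below keeps it offline).
def authenticated_bind?(conn, username, password)
  if password.to_s.empty?
    raise EmptyPasswordError, "refusing password-less simple bind for #{username}"
  end
  conn.auth(username, password)
  conn.bind
end

# The unguarded pattern: whatever the caller passes is sent to the server.
def naive_bind?(conn, username, password)
  conn.auth(username, password)
  conn.bind
end

# Constructed stand-in for a directory that implements the unauthenticated
# bind behaviour: a known DN with an empty password "binds" successfully.
class FakeDirectory
  def initialize(users)
    @users = users # { dn => password }
    @username = nil
    @password = nil
  end

  def auth(username, password)
    @username = username
    @password = password
  end

  def bind
    return false unless @users.key?(@username) # unknown DN always fails
    return true if @password.to_s.empty?       # unauthenticated bind "succeeds"
    @users[@username] == @password             # real password comparison
  end
end

ADMIN_DN = "cn=admin,dc=example,dc=com".freeze           # constructed sample DN
DIRECTORY = FakeDirectory.new(ADMIN_DN => "s3cret")      # constructed sample user

# Runs the four cases side by side and returns them in a hash.
def demo
  guarded_blank = begin
    authenticated_bind?(DIRECTORY, ADMIN_DN, "")
  rescue EmptyPasswordError
    :refused
  end
  {
    naive_blank:   naive_bind?(DIRECTORY, ADMIN_DN, ""),              # true: the gotcha
    guarded_blank: guarded_blank,                                     # :refused, nothing sent
    guarded_good:  authenticated_bind?(DIRECTORY, ADMIN_DN, "s3cret"), # true
    guarded_bad:   authenticated_bind?(DIRECTORY, ADMIN_DN, "wrong")   # false
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The check runs before `auth`/`bind`, so the server never sees the empty credential; treating the server's own answer as the only signal is exactly what the RFC warns against, because the bind result is a success for the anonymous session, not for the DN.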
FWIW This to me is a major security oversight of the library and a big gotcha! I just stumbled upon this after realizing a blank password was accepted for an admin login on one of our internal services utilizing this library.