Fix contributed by Jeffrey C. Ollie.

I haven't tested the fix because the situation is non-trivial to
reproduce.

The basic solution is to get rid of the __current_realm attribute of
authentication handlers.  Instead, prevent infinite retries by
checking for the presence of an Authenticate: header in the request
object that exactly matches the Authenticate: header that would be
added.

The problem prevent authentication from working correctly in the
presence of retries.

Ollie mentioned that digest authentication has the same problem and I
applied the same solution there.