Check that Basic authentication user doesn't contain control characters

[avtobiff]

The user-id part of the basic authentication header value should
not contain control characters. This should be validated and
handled accordingly.

RFC 7617 The 'Basic' HTTP Authentication Scheme
Section 2. The 'Basic' Authentication Scheme states [0]

   The user-id and password MUST NOT contain any control characters (see
   "CTL" in Appendix B.1 of [RFC5234]).

RFC 5234Augmented BNF for Syntax Specifications: ABNF
Appendix B.1. Core Rules states

         CTL            =  %x00-1F / %x7F
                                ; controls

[0] https://datatracker.ietf.org/doc/html/rfc7617#section-2
[1] https://datatracker.ietf.org/doc/html/rfc5234#appendix-B.1

[vinoski]

Thanks for opening this. I noticed this same problem when I was looking at #477 and will work on a fix.