base.m4: Add an `auth=...' note to the Received header if we're relaying.

I'd previously resisted doing this, because the full `AUTH=...' notes
I'm passing around look a lot like email addresses and this might
subvert attempts to use extension addresses or the odin forwarder.  But
it seems a shame to lose this information.

Compromise: report the sender, as a bare user-name, only if the
domain-part is us.  This will, at worst, repeat the user name from the
sending MTA, which told us what it was either as the origin for a local
sender, or the authenticated user name from SMTP authentication or
identd (for submission to localhost).