If we're in HTTP Basic authentication mode, it's vital to return 401

If we're in HTTP Basic authentication mode, it's vital to return 401
for _any_ failed authentication, because that's what causes the
browser to give you a repeat password prompt. If we ever return 403,
the browser will _remember_ your wrong password, and give you 403
again the next time without letting you have a chance to
reauthenticate.

git-svn-id: svn://svn.tartarus.org/sgt/agedu@8280 cda61777-01e9-0310-a592-d414129be87e