Fixed "satisfy any" if 403 is returned after 401 (ticket #285).

Fixed "satisfy any" if 403 is returned after 401 (ticket #285).

The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.

The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).

Patch by Jan Marc Hoffmann.