The push headers are freed after the push callback has been invoked,
meaning this code should only free the headers if the callback was never
invoked and thus the headers weren't freed at that time.

Reported-by: Davey Shafik

Closes #528

... if there are more than one using the same name

As POP3 final and continuation responses both begin with a + character,
and both the finalcode and contcode variables in SASLprotoc are set as
such, we cannot tell the difference between them when we are expecting
an optional continuation from the server such as the following:

+ something else from the server
+OK final response

Disabled these tests until such a time we can tell the responses apart.

According to RFC7628 a failure message may be sent by the server in a
base64 encoded JSON string as a continuation response.

Currently only implemented for OAUTHBEARER and not XAUTH2.

OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.

CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing

Also sorted the list.

... and sorted curl_is_cb_data_option alphabetically

Curl_ossl_init calls OPENSSL_load_builtin_modules() but
Curl_ossl_cleanup doesn't make a call to free these modules.

Bug: https://github.com/bagder/curl/issues/526

...following commit aba281e7 to fix test 1119.

Also sorted that list alphabetically

As an alias for OBJECTPOINT. Provided to allow us to grep for all string
options easier.

They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.

Simplify by removing #ifdefs and macros

We only support >= 0.9.7

The hashes can vary between architectures (e.g. Sparc differs from x86_64).
This is not a fatal problem but just reduces the coverage of these white-box
tests, as the assumptions about into which hash bucket each key falls are no
longer valid.

Following the fix in commit d6d58dd5 it is necessary to re-introduce
XOAUTH2 in the default enabled authentication mechanism, which was
removed in commit 7b2012f2, otherwise users will have to specify
AUTH=XOAUTH2 in the URL.

Note: OAuth 2.0 will only be used when the bearer is specified.

Closes #525

Regression from commit 9e8ced98 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.

- no point in repeating curl features that is already listed as features
  from the curl -V output

- remove the port numbers/unix domain path from the output unless
  verbose is used, as that is rarely interesting to users.

Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.