Fixed handling of channel bindings on the client side

Fixed handling of channel bindings on the client side

The client side was failing to select a suitable SASL mechanism when
the application specified channel bindings, but didn't make them mandatory
to use. In such a configuration, if a non channel binding capable mechanism
was selected through "client_mech_list" SASL option, sasl_client_start
would fail. For example if the server supports both SCRAM-SHA-1[-PLUS] and
PLAIN and "client_mech_list" was set to "PLAIN", authentication would never
work. This patch fixes the problem.

The patch also cleans up the best SASL mechanism selection code to
prefer better channel bindings over SASL security layer.

Test-information:

Compiled and tested on Windows with msadm expire_mail and imapd.

Signed-off-by: Dave Cridland <dave.cridland@isode.com>