Fix server_set_id for SPA/NTLM auth.

Broken in 4.80 release, commit 08488c86.

We need to leave $auth1 available after the authenticator returns, so
that server_set_id can be evaluated by the caller.  We need to do this
whether we succeed or fail, because server_set_id only makes it into
$authenticated_id if we return OK, but is logged regardless.

Updated test config to set server_set_id; updated logs.