http: allow 'auth.prefix' to have a username consistent with the URI
It may be a little weird to put a username in the prefix, but the documentation
doesn't disallow it, and silently disallowing it has caused confusion. The
username must match what is passed in (which seems to be from the URI via a
circuitous route), as well as 'auth.username' if it was specified. I thought
about printing a warning for a mismatch, but we already don't print a warning if
the 'auth.username' and URI username don't match.
This change allows the first and second last new test cases to work as expected.
It looks like this would have been a problem since at least 0593e8f81c71.