Vendor all dependencies (Warning: Huge changeset.)

The vendor/ folder was created with the help of @FiloSottile's gvt and
vendorcheck.

Any dependencies of Caddy plugins outside this repo are not vendored.

We do not remove any unused, vendored packages because vendorcheck -u
only checks using the current build configuration; i.e. packages that
may be imported by files toggled by build tags of other systems.

CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is
released, a few of the go commands should be revised to again use ./...
as it will ignore the vendor folder by default.

vendor/github.com/jimstudt/http-authentication/basic/sha.go

@@ -0,0 +1,43 @@
+package basic
+
+import (
+	"crypto/sha1"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+	"strings"
+)
+
+type shaPassword struct {
+	hashed []byte
+}
+
+// Accept valid SHA encoded passwords.
+func AcceptSha(src string) (EncodedPasswd, error) {
+	if !strings.HasPrefix(src, "{SHA}") {
+		return nil, nil
+	}
+
+	b64 := strings.TrimPrefix(src, "{SHA}")
+	hashed, err := base64.StdEncoding.DecodeString(b64)
+	if err != nil {
+		return nil, fmt.Errorf("Malformed sha1(%s): %s", src, err.Error())
+	}
+	if len(hashed) != sha1.Size {
+		return nil, fmt.Errorf("Malformed sha1(%s): wrong length", src)
+	}
+	return &shaPassword{hashed}, nil
+}
+
+// Reject any password encoded as SHA.
+func RejectSha(src string) (EncodedPasswd, error) {
+	if !strings.HasPrefix(src, "{SHA}") {
+		return nil, nil
+	}
+	return nil, fmt.Errorf("sha password rejected: %s", src)
+}
+
+func (s *shaPassword) MatchesPassword(pw string) bool {
+	h := sha1.Sum([]byte(pw))
+	return subtle.ConstantTimeCompare(h[:], s.hashed) == 1
+}