RFC23, RFC24, RFC26 now use variable-length command names that
end in null octet (valid C strings) instead of fixed-length
space padded strings.

- username and password sent as two string frames
- fixed test case to match

- we need to switch to PLAIN according to options.mechanism
- we need to catch case when both peers are as-server (or neither is)
- and to use username/password from options, for client

This implements protocol handshake.
We still need to design and implement 1) API changes so a user
can set username and password, and 2) a mechanism for engine
to authenticate users.