Make sure the reply is marked as finished and that the body is received
even if we didn't succeed.
In a real scenario that would include some text like Access Denied.
Also, no longer clear() the authenticationHeader in the server, since
that meant the server would not send the header again if the client
failed to authenticate. Luckily this wasn't actually causing any
problems before, since we only tested the expected www-authenticate
header.
As a drive-by: clang-tidy complained about not using const-ref for a
lambda.
Pick-to: 6.6 6.5 6.2
Change-Id: Ia4452fff7d9370d7d460433257d84eff0a6f469b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
f4c8e11ad7