Rather than returning an error that requires pattern-matching from
`parseChallenge` when the challenge header requires basic
authentication, return a distinguished error value. This makes checking
for this error a bit easier.
This commit also updates the check in `r.Headers` to use the new error
value and adds a couple of regression tests.
