settings, auth/policy: Change auth_policy_request_attributes to be strlist

Also just link to the supported variables rather than duplicating them.
The duplication was also missing fail_type.

Author: sirainen

data/settings.js

@@ -4340,23 +4340,13 @@ If \`no\`, there will be no report for the authentication result.`
 Default has changed.`
 		},
 		tags: [ 'auth_policy' ],
-		values: setting_types.STRING,
+		values: setting_types.STRLIST,
 		seealso: [ 'auth_policy_server_url' ],
 		text: `
 Request attributes specification.
 
-Variables that can be used for this setting:
-
-- [[variable,auth]]
-
-- \`%{hashed_password}\`
-
-  - Truncated auth policy hash of username and password
-
-- \`%{requested_username}\`
-
-  - Logged in user. Same as \`%{user}\`, except for master user logins the
-	same as \`%{login_user}\`.`
+See [[link,auth_policy_variables]] for variables that can be used for this
+setting.`
 	},
 
 	auth_policy_server_api_header: {

docs/core/config/auth/policy.md

@@ -6,6 +6,9 @@ dovecotlinks:
   auth_policy_configuration:
     hash: configuration
     text: Auth Policy Configuration
+  auth_policy_variables:
+    hash: list-of-fields
+    text: Auth Policy Variables
 ---
 
 # Authentication Policy
@@ -44,7 +47,13 @@ auth_policy_hash_nonce = localized_random_string
 # OPTIONAL settings
 #auth_policy_server_api_header = Authorization: Basic <base64-encoded value>
 #auth_policy_hash_mech = sha256
-#auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%{protocol}
+#auth_policy_request_attributes {
+#  login = %{requested_username}
+#  pwhash = %{hashed_password}
+#  remote = %{rip}
+#  device_id = %{client_id}
+#  protocol = %{protocol}
+#}
 #auth_policy_reject_on_fail = no
 #auth_policy_hash_truncate = 12
 #auth_policy_check_before_auth = yes