Optionally use Context for Auth errors

[jkarni]

In the previous servant-auth repo, we had a PR for switching to errors based on the context (much like the rest of the servant ecosystem). throwAll is a bit of a hack (and currently doesn't work with other monads without a bit of extra work.)

@domenkozar pointed out that sometimes we want the authentication result in the handlers, rather than to fail. So I think a version of the PR above, but with a Strict/Lenient (or Required/Optional? Or another, auth-specific combinator?) option, could be good? Then Auth would become a type synonym for Auth' Lenient, and we'd retain backwards compatibility.

[jkarni]

There's another reason this would be helpful. Which is that using throwAll means it's a handler error, and so all other checks operate before it. So you get e.g. a 400 error because the request body wasn't correctly decoded, rather than a 401/403 (thereby potentially leaking more information about the API than you'd like).