🔒 SASL DIGEST-MD5: kwargs, docs, etc

* 🗑️ Deprecate original constant name.
* ♻️  Refactor to the style used in the new ScramAuthenticator.

Yes, DIGEST-MD5 is deprecated!  But that also means that it is lower
risk as a test-bed for refactoring a more complicated challenge/response
SASL mechanism.  I improved it in several ways:

* 🔒 Use SecureRandom for cnonce (not Time.now + insecure PRNG!)
* ✨ Default qop=auth (as in RFC)
* ✨ User can configure realm, host, service_name, service.
  * This allows a correct "digest-uri" for non-IMAP clients.
* ✨ Enforce requirements for sparam keys (required and no-multiples).

However... it's still deprecated, so don't use it!

Author: nevans