rpcserver: x509_login: Handle unsuccessful certificate login gracefully
When mod_lookup_identity is unable to match user by certificate (and username)
it unsets http request's user. mod_auth_gssapi is then unable to get Kerberos
ticket and doesn't set KRB5CCNAME environment variable.
x509_login.__call__ now returns 401 in such case to indicate that request was
not authenticated.
https://pagure.io/freeipa/issue/6225
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>