fix(PasswordConfirmationMiddleware): Make more robust #56015

Draft
joshtrichards wants to merge 4 commits into master from jtr/fix-pw-confirm-robustness
joshtrichards (Member) commented Oct 26, 2025

  • Resolves: #

Summary

This PR differentiates problematic scenarios, detects them earlier, and handles them more gracefully.

It improves robustness against malformed input and makes edge cases observable and actionable via logs and explicit exceptions, while preserving RFC compliance and known backwards compatibility. It adds targeted validation to detect issues sooner and provide clearer errors and logs instead of failing silently or later when root causes are harder to diagnose.

Other changes

  • Expanded test coverage (WIP)
  • Key behavior clarification (new comments/docblocks)
  • Minor code reformatting

Specifics

  • Hardened Basic auth parsing and validation
    • Stricter Basic token extraction (case-insensitive, precise regex)
    • Strict base64 extraction and decoding
    • Maximum base64 token length enforcement
    • Robust username:password extraction
    • UTF-8 payload detection (logged for awareness/troubleshooting)
  • New / improved logging and exceptions
    • Explicit logs/exceptions for token extraction and base64 decoding failures
    • Earlier detection and logging when session loginname is missing
    • Immediate failure when password part is missing from the decoded payload
    • Unsupported encodings (non-UTF-8) are logged to aid troubleshooting (behavior preserved)

TODO

  • Finish updating tests
  • Decide whether to backport or not

Checklist

Make password confirmation middleware more robust.

Add additional logging (for edge cases, troubleshooting).

Maintains RFC compliance.

Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
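
The Basic auth checks listed under Specifics, sketched as a standalone PHP function. This is an added example, not code from this PR or from the project; the function name, the 4096-byte cap, the error messages and the sample headers are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical cap for this example; the PR's actual limit is not shown on this page.
const MAX_BASIC_TOKEN_LENGTH = 4096;

/**
 * Parse an Authorization header value into user, password and a UTF-8 flag.
 * Throws InvalidArgumentException with a distinct message per failure.
 */
function parseBasicAuthorization(string $header): array {
	// Scheme is case-insensitive; token is base64 alphabet with padding only at the end.
	if (preg_match('/^Basic +([A-Za-z0-9+\/]+={0,2})\z/i', $header, $m) !== 1) {
		throw new InvalidArgumentException('no well-formed Basic token');
	}
	$token = $m[1];
	if (strlen($token) > MAX_BASIC_TOKEN_LENGTH) {
		throw new InvalidArgumentException('Basic token too long');
	}
	// Strict mode rejects stray characters; the length check rejects truncated tokens.
	$decoded = strlen($token) % 4 === 0 ? base64_decode($token, true) : false;
	if ($decoded === false) {
		throw new InvalidArgumentException('base64 decoding failed');
	}
	// Split on the first colon only: the password may itself contain colons.
	$parts = explode(':', $decoded, 2);
	if (count($parts) !== 2) {
		throw new InvalidArgumentException('password part missing');
	}
	// Non-UTF-8 payloads are flagged for logging, not rejected.
	return ['user' => $parts[0], 'password' => $parts[1], 'utf8' => mb_check_encoding($decoded, 'UTF-8')];
}

// Constructed sample headers (not taken from the PR or its tests).
$samples = [
	'basic ' . base64_encode('alice:s3cret:with:colons'), // lowercase scheme, colons in password
	'Basic ' . base64_encode('alice'),                     // decodes, but has no password part
	'Basic !!!notbase64!!!',                               // characters outside the base64 alphabet
	'Basic ' . base64_encode("bob:caf\xE9"),               // ISO-8859-1 byte, not valid UTF-8
	'Bearer abc.def.ghi',                                  // different scheme
];
foreach ($samples as $header) {
	try {
		$c = parseBasicAuthorization($header);
		printf("ok   user=%s utf8=%s\n", $c['user'], $c['utf8'] ? 'yes' : 'no');
	} catch (InvalidArgumentException $e) {
		printf("fail %s\n", $e->getMessage());
	}
}
```

The demo loop prints only the username and the UTF-8 flag, never the password, which is the same discipline the middleware's new log lines need.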