Adding optional alt_auth parameter to allow non-HTPASSWD authentication

[Tythos]

Added optional alt_auth parameter for specification of authentication mechanism via procedural startup (i.e., init.app). Specifically not enabled for command-line invocation for security purposes. The alt_auth parameter propagates to _app.configure, where it is verified and added to the configuration object (which has been extended to include this field). The config.alt_auth attribute is then invoked (if assigned) in the auth decorator object as a drop-in replacement for _app.validate_user.

This is intended to give administrators the ability to hook in other authentication mechanisms when pypiserver is started procedurally. For example, the following .py file (used with a Passenger configuration) provides a basic .CSV-based method (for demo purposes only), which could just as easily be extended to LDAP or other mechanisms.

from pypiserver import app
import csv

def alt_auth(user, pw):
    with open('users.csv', 'r') as f:
        dr = csv.DictReader(f)
        users = [u for u in dr]
    results = [u['username'] == user and u['password'] == pw for u in users]
    return sum(results) == 1

application = app(root='packages', redirect_to_fallback=False, authenticated=['update'], alt_auth=alt_auth)