Missing `WWW-Authenticate` header for 401 response

[zefir-git]

The 401 server error registry response lacks WWW-Authenticate. It seems I forgot this in (blaming) #54 which introduced server-defined 401 errors (in #30 401 errors were expected to be sent by implementing apps—thus not affected).

IMO there needs to be a public API for generating the header based on the available Authenticators. Authenticators could define their authentication methods/challenges. Possibly consider that some authenticators may have 0 challenges, while other may have more than 1.