Be more strict if applying double quotes around passwords

When authenticating we handle the control password as follows:

  // Surround non-hex strings with double quotes.
  const kIsHexRE = /^[A-Fa-f0-9]*$/;
  if (!kIsHexRE.test(pwdArg))
    pwdArg = '"' + pwdArg + '"';

But the spec says "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF, with HEXDIG being DIGIT / "A" / "B" / "C" / "D" / "E" / "F" according to RFC 2234. Thus, we are a bit more lenient than we should be at the moment.
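To see which passwords the lenient check treats differently from the quoted grammar, the following added example (not code from this ticket or from the project) builds the AUTHENTICATE argument with both patterns and reports the inputs where they disagree. The names `kIsStrictHexRE`, `authArg`, `divergingInputs` and `kSamples` are hypothetical, and the strict pattern assumes HEXDIG means exactly the digits and uppercase A-F listed above.

```javascript
// Added example, not project code.
// Lenient pattern, copied from the snippet in the ticket.
const kIsHexRE = /^[A-Fa-f0-9]*$/;

// Strict pattern for 1*HEXDIG: at least one character, and HEXDIG taken as
// DIGIT / "A".."F" exactly as listed in the ticket (assumption of this example).
const kIsStrictHexRE = /^[0-9A-F]+$/;

// Build the AUTHENTICATE argument. Quoting mirrors the ticket's snippet:
// a plain wrap in double quotes, with no escaping of the contents.
function authArg(pwd, isHexRE) {
  return isHexRE.test(pwd) ? pwd : '"' + pwd + '"';
}

// Return one record per input for which the two patterns build
// different arguments.
function divergingInputs(samples) {
  return samples
    .map((pwd) => ({
      pwd,
      lenient: authArg(pwd, kIsHexRE),
      strict: authArg(pwd, kIsStrictHexRE),
    }))
    .filter((r) => r.lenient !== r.strict);
}

// Constructed sample passwords (not taken from any real configuration).
const kSamples = ["", "0123ABCDEF", "deadbeef", "DeadBeef", "hunter2", "12 34"];

for (const r of divergingInputs(kSamples)) {
  console.log(JSON.stringify(r.pwd), "lenient:", r.lenient, "strict:", r.strict);
}
```

The empty string and the two strings containing lowercase a-f are the only samples that change: the lenient check sends them bare, the strict one sends them as quoted strings.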