Be more strict if applying double quotes around passwords
When authenticating we handle the control password as follows:
// Surround non-hex strings with double quotes.
const kIsHexRE = /^[A-Fa-f0-9]*$/;
if (!kIsHexRE.test(pwdArg))
pwdArg = '"' + pwdArg + '"';
But the spec says "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF
and HEXDIG
being DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
according to RFC 2234. Thus, we are a bit more lenient than we should at the moment.