The SOCKS server code goes to some trouble to handle any NULs embedded in SOCKS 4 authentication strings and SOCKS 5 usernames and passwords, and it records the lengths of those strings in the `socks_request` field of the `edge_connection_t`. Then the stream-isolation code uses `strdup` and `strcmp` on them as if they were NUL-terminated strings. We should handle NULs embedded in those strings properly everywhere, and we should probably also use a comparison function that runs in data-independent time when comparing them.