Purpose: Check path validity and user’s access rights.
Check auth-type, auth-user, and/or auth-group in rq->vars.
Return REQ_PROCEED if user (and group) is authorized for this area (ppath in rq->vars).
If not authorized, insert WWW-Authenticate to rq->srvhdrs with a value such as: Basic; Realm=\"Our private area\". Call protocol_status() to set HTTP response status to PROTOCOL_UNAUTHORIZED. Return REQ_ABORTED.