Comparing changes
base repository: etr/libhttpserver
base: feature/FEATURE-security-fixes
head repository: etr/libhttpserver
compare: master
- 10 commits
- 27 files changed
- 2 contributors
Commits on Feb 14, 2026
Merge pull request #366 from etr/feature/FEATURE-security-fixes
Fix 9 security vulnerabilities found in audit
Commit 1a26dfc
Commits on Feb 19, 2026
FEATURE-bauth-conditional-compile: Implementation complete
Add HAVE_BAUTH conditional compilation for basic authentication, mirroring the existing HAVE_DAUTH pattern. This allows libhttpserver to build against libmicrohttpd installations that lack basic auth support.

Changes:
- configure.ac: Auto-detect MHD_queue_basic_auth_fail_response, define HAVE_BAUTH flag and AM_CONDITIONAL, add to summary output
- src/httpserver/basic_auth_fail_response.hpp: Guard with #ifdef HAVE_BAUTH
- src/basic_auth_fail_response.cpp: Guard with #ifdef HAVE_BAUTH
- src/httpserver.hpp: Conditionally include basic_auth_fail_response.hpp
- src/httpserver/http_request.hpp: Guard get_user(), get_pass(), fetch_user_pass() declarations and username/password cache fields
- src/http_request.cpp: Guard fetch_user_pass(), get_user(), get_pass() implementations and basic auth output in operator<<
- src/httpserver/create_webserver.hpp: Guard basic_auth()/no_basic_auth() methods and _basic_auth_enabled member
- src/httpserver/webserver.hpp: Guard basic_auth_enabled member
- src/webserver.cpp: Guard basic_auth_enabled initialization
- src/Makefile.am: Make basic_auth_fail_response conditional on HAVE_BAUTH
- examples/Makefile.am: Guard basic_authentication and centralized_authentication examples behind HAVE_BAUTH
- test/integ/authentication.cpp: Guard basic auth tests with HAVE_BAUTH
- test/unit/create_webserver_test.cpp: Guard basic_auth builder test
Commit 0908e48
Add HAVE_BAUTH guards to remaining files missed in initial commit
Guard basic auth references in ws_start_stop.cpp, basic.cpp, create_test_request_test.cpp, create_test_request.hpp, and create_test_request.cpp that would fail to compile when libmicrohttpd lacks basic auth support.
Commit 507d29a
Bump version to 0.20.0 and update ChangeLog
Add Version 0.20.0 header with bauth conditional compilation and security fix entries. Bump version in configure.ac to match.
Commit ae59cc7
Merge pull request #367 from etr/feature/bauth-conditional-compile
Add HAVE_BAUTH conditional compilation for basic auth
Commit 95d6df4
Commit 68bff78
Commits on Feb 27, 2026
Add documentation and example for serving binary data from memory
The existing string_response already supports binary content (std::string can hold arbitrary bytes), but this was not documented or demonstrated anywhere. This gap caused users to believe a new response type was needed (see PR #368).

- Add a note to the README's string_response description clarifying binary data support
- Add a new "Serving binary data from memory" section with inline example
- Add examples/binary_buffer_response.cpp as a complete, buildable example that serves a PNG image from an in-memory buffer
- Register the new example in examples/Makefile.am

https://claude.ai/code/session_01S3BvBrSoNvUhpYTyhPYCjJ
Commit 97bd4b1
Fix CI: add ChangeLog entry and missing include <utility>
Add ChangeLog entry for the binary buffer example to satisfy the ChangeLog Check workflow. Add missing #include <utility> for std::move to fix cpplint warning.

https://claude.ai/code/session_01S3BvBrSoNvUhpYTyhPYCjJ
Commit 6fa84e8
Merge pull request #369 from etr/claude/review-pr-368-SXvkG
Add documentation and example for serving binary data from memory
Commit 6c115f3
Commits on Apr 8, 2026
Fix std::terminate when uri_log receives null uri (#371) (#372)
* Fix std::terminate when uri_log receives null uri pointer

  libmicrohttpd may invoke MHD_OPTION_URI_LOG_CALLBACK with a null uri pointer before the request line is parsed - for example on port scans, TLS clients hitting a plain HTTP port, or half-open connections. The previous code assigned the raw pointer directly into a std::string, which throws std::logic_error("basic_string::_M_construct null not valid"). Because the throw originates inside an MHD C callback with no enclosing handler, std::terminate() was called and the process aborted under load.

  Treat a null uri as an empty string so the assignment is well-defined. An empty URI fails to match any registered resource and surfaces as a 404, which is the correct graceful behaviour.

  Resolves #371.

* ci(codeql): bump bundled libmicrohttpd to 1.0.3

  The CodeQL workflow was still pulling libmicrohttpd-0.9.64 from S3, which is below the project's stated minimum of 1.0.0 and is no longer served by the bucket - the install step was failing with "gzip: stdin: not in gzip format" because curl received a 243-byte error response instead of the tarball. Bump to 1.0.3 from the same S3 location so CodeQL can build the project again.

* ci: bump bundled libmicrohttpd to 1.0.3 in release and verify-build

  Aligns release.yml and verify-build.yml with codeql-analysis.yml so all workflows pull the same libmicrohttpd-1.0.3.tar.gz from S3. This also brings CI in line with the project's documented minimum of >= 1.0.0 (0.9.77 was below that threshold). Cache keys include the new version so existing 0.9.77 entries are not reused.

* test: add unit test for uri_log null/empty/valid uri handling

  Adds test/unit/uri_log_test.cpp to lock in the fix for issue #371. The test calls uri_log() directly (re-declaring the symbol since it has no public header) and verifies three cases:
  - null uri does not throw and yields an empty complete_uri
  - valid uri is stored verbatim
  - empty uri is stored verbatim

  The first case is the regression check: against the unfixed code, running the test crashes the process (SIGSEGV from dereferencing the null pointer inside std::string's assignment operator on libstdc++ 13; on the older libstdc++ 10 from the bug report it threw std::logic_error and aborted via std::terminate). With the fix in place, all three sub-tests pass cleanly.

  The new test target needs an explicit -lmicrohttpd in its link line because it instantiates ~modded_request() directly, which references MHD_destroy_post_processor; the default LDADD only pulls libmicrohttpd in transitively via libhttpserver.la, and modern ld enforces --no-copy-dt-needed-entries.

* test(uri_log): satisfy cpplint build/include_subdir for httpserver.hpp

  cpplint flags bare "httpserver.hpp" with build/include_subdir [4]. Match the convention used by every other test file in the repo and prefix the include with "./" so cpplint considers the directory explicit.
Commit a752404
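The null-uri handling described in the commit message above, as an added example that is not libhttpserver's own code: a callback invoked from C maps a null `uri` to an empty string and lets no exception escape, and the empty URI then falls through to a 404. The names `request_state`, `uri_or_empty`, `on_uri_log` and `status_for`, the simplified callback signature and the route table are assumptions made for illustration.

```cpp
#include <iostream>
#include <memory>
#include <set>
#include <string>

// Hypothetical per-request state; not libhttpserver's real type.
struct request_state {
    std::string complete_uri;
};

// Assigning a null const char* to std::string is undefined behaviour
// (it throws or crashes depending on the standard library), so map null to "".
std::string uri_or_empty(const char* uri) {
    return uri != nullptr ? std::string(uri) : std::string();
}

// Shaped like a callback invoked from C code (simplified, assumed signature):
// exceptions must not escape, because no C++ handler sits above it and
// std::terminate() would run.
extern "C" void* on_uri_log(void* /*cls*/, const char* uri) noexcept {
    try {
        auto st = std::make_unique<request_state>();
        st->complete_uri = uri_or_empty(uri);
        return st.release();
    } catch (...) {
        return nullptr;  // e.g. std::bad_alloc; caller treats this as "no state"
    }
}

// Constructed route table: an empty URI matches nothing and yields 404.
int status_for(const char* raw_uri) {
    static const std::set<std::string> routes = {"/hello", "/status"};
    std::unique_ptr<request_state> st(
        static_cast<request_state*>(on_uri_log(nullptr, raw_uri)));
    if (!st) return 500;
    return routes.count(st->complete_uri) ? 200 : 404;
}

int main() {
    // Null uri (as seen before the request line is parsed), a valid uri, an empty uri.
    std::cout << status_for(nullptr) << ' ' << status_for("/hello") << ' '
              << status_for("") << '\n';
    return 0;
}
```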