Commit c13bdd0
xmpp_sasl_scram: Handle "y" CB flag correctly
RFC 5802 says:

| If the flag is set to "y" and the server supports channel binding, the
| server MUST fail authentication. This is because if the client sets the
| channel binding flag to "y", then the client must have believed that the
| server did not support channel binding -- if the server did in fact
| support channel binding, then this is an indication that there has been
| a downgrade attack (e.g., an attacker changed the server's mechanism
| list to exclude the -PLUS suffixed SCRAM mechanism name(s)).

Therefore, let authentication fail if we offered the client PLUS methods and the client sets the "y" flag.

Thanks to Thilo Molitor for spotting the issue.
1 parent f48eb94 commit c13bdd0

1 file changed: src/xmpp_sasl_scram.erl

Lines changed: 3 additions & 1 deletion
@@ -260,8 +260,10 @@ cbind_valid(#state{channel_bindings = #{} = Bindings}, <<"p=", Binding/binary>>)
260260
maps:is_key(Binding, Bindings);
261261
cbind_valid(#state{channel_bindings = #{}}, _) ->
262262
false;
263-
cbind_valid(_, <<"y", _/binary>>) ->
263+
cbind_valid(#state{channel_bindings = not_available}, <<"y", _/binary>>) ->
264264
true;
265+
cbind_valid(_, <<"y", _/binary>>) ->
266+
false;
265267
cbind_valid(_, <<"n", _/binary>>) ->
266268
true;
267269
cbind_valid(_, _) ->
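Review bot: the new catch-all `cbind_valid(_, <<"y", _/binary>>) -> false;` is the clause that actually implements the downgrade check described in the commit message, but the hunk does not make visible which value of `channel_bindings` means "we offered a -PLUS mechanism and the client chose the plain one": the existing `cbind_valid(#state{channel_bindings = #{}}, _) -> false;` clause already rejects "y" whenever bindings are a map, and the new `not_available` clause accepts it, so the catch-all only fires for some third state. Suggest matching that state explicitly instead of `_` (so an unexpected value such as a record-field default fails loudly rather than silently rejecting every "y") and adding a short comment above these clauses documenting the three states and why "y" is accepted only for `not_available`.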
