Authentication commands must not append a session ID per the driver session spec.

CDRIVER-2449 discovered that most auth commands were including the session ID unintentionally. The resolution was to set prohibit_lsid=true in the mongoc_cmd_parts_t used to construct the command. For example, in _mongoc_cluster_auth_node_cr:

   mongoc_cmd_parts_init (
      &parts, cluster->client, auth_source, MONGOC_QUERY_SLAVE_OK, &command);
   parts.prohibit_lsid = true;

However, _mongoc_cluster_auth_node_cyrus and _mongoc_cluster_auth_node_sspi do not set prohibit_lsid. I believe they may still be appending a session ID unintentionally.