Set incoming server auth method from negotiated SASL mechanism
Stop assuming inbound s2s SASL authentication always uses EXTERNAL. When SASL succeeds, derive `ServerSession.AuthenticationMethod` from the actual negotiated mechanism name instead:
- EXTERNAL -> SASL_EXTERNAL
- any other mechanism -> OTHER
This makes session state reflect the real authentication method used and removes brittle coupling to current mechanism availability.
Optimize SASL mechanism validation by avoiding unnecessary XML conversions
Replace Element-based mechanism lookups with direct set operations. Eliminates redundant dom4j manipulation.
Adds unit test coverage
None of this is expected to introduce functional changes. Pre-existing public method signatures are left intact for backwards compatibility.
OF-3268: Refactor SASL EXTERNAL S2S success path to remove duplicate checks
Remove redundant inbound S2S post-auth verification from `SASLAuthentication.handle(...)` after `saslServer.isComplete()`.
For SASL EXTERNAL, certificate/domain verification is already performed by `ExternalServerSaslServer.evaluateResponse(...)`, while authentication method assignment is already handled in `authenticationSuccessful(...)`.
This change simplifies control flow and clarifies responsibility without intended behavior change.
