In parse_keymgmt(), don't mutate the input string that's been passed
as const, especially since we might need the original value again if
the same key info applies to multiple streams (RTX, for example).

When a resource is 404, and we have auth info - retry with the auth
info the same as if we had receive unauthorised, in case the resource
isn't even visible until credentials are supplied.

Fix a memory leak handling Mikey data.

When generating a random keystring, don't overrun the 30 byte
buffer by generating 32 bytes into it.