The previous patch made SaslServ aware of pending logins (i.e. SASL
sessions which have succeeded and generated a SVSLOGIN). This one
ensures that aborting a SASL authentication attempt does not destroy
that information: if you successfully authenticate as user A, then begin
and abort another authentication attempt as user B, you will log in as
user A.
This is only relevant in the pre-registration case, when SASL logins
cannot be actioned immediately. It's also necessary to avoid a desync in
this case: if we have already sent a SVSLOGIN for a login, the user is
going to be informed that they've logged in, and the ircd is going treat
them as though they're logged in. Other solutions are possible, but I
think the cleanest one is to action the last SVSLOGIN we sent, mirroring
their effect ircd-side.