Do not expose info about AUTH when authorization is not required

[msztolcman]

Current situation: there is always info in EHLO response:
250-AUTH LOGIN PLAIN (or similar methods).

Expected: if auth_required == False and not auth_callback then AUTH should not be exposed in EHLO response.

I can accept any credentials in auth_callback, but I think client shouldn't try to authenticate at all if server do not expose this method.

[pepoluan]

Okay, make sense. And minimal break as well if auth_required == False.

I'll put that in 1.5.0.