improve SCRAM implementation
ServerSignature isn't checked when authenticating. If server gives a wrong ServerSignature, Gajim still connect, while it should not.
RFC says:
The client then authenticates the server by computing the
ServerSignature and comparing it to the value sent by the server. If
the two are different, the client MUST consider the authentication
exchange to be unsuccessful and it might have to drop the connection.