improve SCRAM implementation
ServerSignature isn't checked when authenticating. If server gives a wrong ServerSignature, Gajim still connect, while it should not.
The client then authenticates the server by computing the ServerSignature and comparing it to the value sent by the server. If the two are different, the client MUST consider the authentication exchange to be unsuccessful and it might have to drop the connection.