If the key length is not a multiple of 40 bits, its base32 representation may be padded, and that padding will be encoded. We already decoded the label (which may contain spaces and other unsafe characters), but not the key. For the sake of simplicity and robustness, we now decode the name and value of every property.
This corresponds to OpenPAM r886.
Add an oath_mode(3) function which translates from mode names to numbers.
Consistently use UINT_MAX, not -1, to indicate an invalid response.
Change the meaning of the window parameter to always indicate the number
of codes to check *in addition* to the current code. Note that for TOTP,
the window goes in both directions; a window of 1 means to check the
current code plus the previous and next.
