Keep context keys private

Instead, offer type safe accessors, as documented here:

https://pkg.go.dev/context#Context

auth/imap.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"context"
 	"log"
 	"net/http"
 
@@ -59,7 +58,7 @@ func (prov *IMAPProvider) doAuth(next http.Handler,
 		AuthMethod: "imap",
 		UserName:   user,
 	}
-	ctx := context.WithValue(r.Context(), AuthCtxKey, &authCtx)
+	ctx := NewContext(r.Context(), &authCtx)
 	r = r.WithContext(ctx)
 	next.ServeHTTP(w, r)
 }