TACACS: T5577: Added mandatory and optional modes for TACACS+

In CLI we can choose authentication logic:

• mandatory - if TACACS+ answered with REJECT, authentication must be stopped and access denied immediately.
• optional (default) - if TACACS+ answers with REJECT, authentication continues using the next module.

In mandatory mode authentication will be stopped only if TACACS+ clearly
answered that access should be denied (no user in TACACS+ database, wrong
password, etc.). If TACACS+ is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
optional mode.