Add the UTF-8 charset auth-param.

[issuefiler]

express-basic-auth/index.js

Lines 66 to 75 in dd17b4d

	function unauthorized() {
	if(challenge) {
	var challengeString = 'Basic'
	var realmName = realm(req)
	if(realmName)
	challengeString += ' realm="' + realmName + '"'
	res.set('WWW-Authenticate', challengeString)
	}

Now that UTF-8 has become the de facto universal standard, I suggest adding the UTF-8 charset auth-param defined by RFC 7617, to the WWW-Authenticate header field value express-basic-auth produces.

WWW-Authenticate: Basic realm="real", charset="UTF-8"

[issuefiler]

The comparison is already being performed in UTF-8.

express-basic-auth/index.js

Lines 7 to 17 in dd17b4d

	function safeCompare(userInput, secret) {
	const userInputLength = Buffer.byteLength(userInput)
	const secretLength = Buffer.byteLength(secret)
	const userInputBuffer = Buffer.alloc(userInputLength, 0, 'utf8')
	userInputBuffer.write(userInput)
	const secretBuffer = Buffer.alloc(userInputLength, 0, 'utf8')
	secretBuffer.write(secret)
	return !!(timingSafeEqual(userInputBuffer, secretBuffer) & userInputLength === secretLength)
	}

[LionC]

Will have to check if this change is 100% downwards compatible. Definitely a good suggestion, thank you!