net/tshttpproxy: support HTTP proxy environment credentials on Windows too

and some minor style nits.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

net/tshttpproxy/tshttpproxy_test.go

@@ -2,48 +2,52 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !windows
-
 package tshttpproxy
 
 import (
 	"net/url"
+	"runtime"
+	"strings"
 	"testing"
 )
 
 func TestGetAuthHeaderNoResult(t *testing.T) {
-	const proxyURL = `http://127.0.0.1:38274`
+	const proxyURL = "http://127.0.0.1:38274"
 
 	u, err := url.Parse(proxyURL)
 	if err != nil {
 		t.Fatalf("can't parse %q: %v", proxyURL, err)
 	}
 
-	ahval, err := GetAuthHeader(u)
+	got, err := GetAuthHeader(u)
 	if err != nil {
 		t.Fatalf("can't get auth header value: %v", err)
 	}
 
-	if ahval != "" {
-		t.Fatalf("wanted auth header value to be empty, got: %q", ahval)
+	if runtime.GOOS == "windows" && strings.HasPrefix(got, "Negotiate") {
+		t.Logf("didn't get empty result, but got acceptable Windows Negotiate header")
+		return
+	}
+	if got != "" {
+		t.Fatalf("GetAuthHeader(%q) = %q; want empty string", proxyURL, got)
 	}
 }
 
 func TestGetAuthHeaderBasicAuth(t *testing.T) {
-	const proxyURL = `http://user:password@127.0.0.1:38274`
-	const expect = `Basic dXNlcjpwYXNzd29yZA==`
+	const proxyURL = "http://user:password@127.0.0.1:38274"
+	const want = "Basic dXNlcjpwYXNzd29yZA=="
 
 	u, err := url.Parse(proxyURL)
 	if err != nil {
 		t.Fatalf("can't parse %q: %v", proxyURL, err)
 	}
 
-	ahval, err := GetAuthHeader(u)
+	got, err := GetAuthHeader(u)
 	if err != nil {
 		t.Fatalf("can't get auth header value: %v", err)
 	}
 
-	if ahval != expect {
-		t.Fatalf("wrong auth header value: want: %q, got: %q", expect, ahval)
+	if got != want {
+		t.Fatalf("GetAuthHeader(%q) = %q; want %q", proxyURL, got, want)
 	}
 }