CVE-2021-22946: Protocol downgrade required TLS bypassed
Medium
Vulnerability Details
## Summary:
In IMAP and POP3, --ssl-reqd is silently ignored if the capability command (CAPABILITY / CAPA) fails: curl continues in cleartext instead of aborting.
In FTP, a non-standard 230 response code in the server greeting (signalling a pre-authenticated session) makes curl skip the TLS upgrade and continue unencrypted, even though TLS has been required.
## Steps To Reproduce:
Use a parameterizable test server that fails the capability command for IMAP (CAPABILITY reply: A001 BAD Not implemented) and POP3 (CAPA reply: -ERR Not implemented), and that sends response code 230 in the FTP server greeting message.
1. curl --ssl-reqd imap://server/...
2. curl --ssl-reqd pop3://server/...
3. curl --ssl-reqd --ftp-ssl-control ftp://server/...
All three commands succeed, but network sniffing shows that TLS is never negotiated.
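As an added regression check (not code from the report or from the curl project), the following Python mock server emulates the three failing servers described above and reports whether a client pointed at it with TLS required still sends credentials or commands in the clear. The canned replies, the allow-list of commands considered harmless on a plaintext socket, and the `probe` self-test helper are assumptions constructed here.

```python
import socket
import threading

# Mock replies constructed from the report's reproduction steps (wording is mine):
# the greeting sent on connect, then the same failure reply to every command.
SERVER_LINES = {
    "imap": (b"* OK mock ready\r\n", b"%s BAD Not implemented\r\n"),
    "pop3": (b"+OK mock ready\r\n", b"-ERR Not implemented\r\n"),
    "ftp":  (b"230 Already logged in\r\n", b"502 Not implemented\r\n"),
}
# Assumed policy: with TLS required, only a capability probe, the upgrade
# request itself and a clean disconnect may ever cross the plaintext socket.
UPGRADE = {"imap": "STARTTLS", "pop3": "STLS", "ftp": "AUTH"}
HARMLESS = {"imap": ("CAPABILITY", "LOGOUT"), "pop3": ("CAPA", "QUIT"), "ftp": ("QUIT",)}

def classify_session(proto, client_lines):
    """'tls' if the client asked to upgrade, 'downgraded' if it sent anything
    else in the clear, 'aborted' if it hung up without doing either."""
    for line in client_lines:
        words = line.strip().upper().split()
        if proto == "imap":
            words = words[1:]  # drop the IMAP tag
        if not words or words[0] in HARMLESS[proto]:
            continue
        return "tls" if words[0] == UPGRADE[proto] else "downgraded"
    return "aborted"

def serve_once(proto, srv, max_commands=4):
    """Accept one client on listening socket `srv`, fail every command,
    return the verdict once it is decided or the client disconnects."""
    greeting, reply = SERVER_LINES[proto]
    conn, _ = srv.accept()
    lines = []
    with conn:
        conn.sendall(greeting)
        for raw in conn.makefile("rb"):
            lines.append(raw.decode("latin-1"))
            tag = raw.split()[0] if raw.split() else b"*"
            conn.sendall(reply % tag if proto == "imap" else reply)
            if len(lines) >= max_commands or classify_session(proto, lines) != "aborted":
                break
    return classify_session(proto, lines)

def probe(proto, scripted_commands):
    """Self-test: a built-in client replays `scripted_commands` against the mock."""
    with socket.create_server(("127.0.0.1", 0)) as srv:
        port = srv.getsockname()[1]
        def client():
            with socket.create_connection(("127.0.0.1", port)) as c, c.makefile("rb") as f:
                f.readline()  # consume the greeting
                for cmd in scripted_commands:
                    c.sendall(cmd.encode() + b"\r\n"); f.readline()
        threading.Thread(target=client, daemon=True).start()
        return serve_once(proto, srv)
```

For a live check, pass a socket from `socket.create_server` to `serve_once` and run one of the three curl commands above against its port: a curl affected by this report yields 'downgraded', while a client that honours --ssl-reqd is expected to yield 'tls' or 'aborted'.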
## Impact
A MitM can silently deny the mandatory TLS negotiation and thus sniff and/or modify the data transferred unencrypted.
Report Stats
- Report ID: 1334111
- State: Closed
- Substate: resolved
- Upvotes: 10