Collect all the code in cnt_wait()

Add a new -3 return code from HTC which says that all we've seen so
far is white space.  Use the RFC2616 "LWS" definition of white-space.

Rename "sess_timeout" parameter to "timeout_idle" and describe it more
precisely.  Make it a double, so more precise values can be specified.
The sessions is considered idle even if we receive white-space.

Rename "session_linger" parameter to "timeout_linger", make it a double
and give it units of seconds like other timeouts.

Add new parameter "timeout_req" which controls how long time we give
the client to send the request headers, from the first non-white char.
Set it to two seconds.  Experimentation/Experience requested.

"timeout_req" also gives us positive control of any kind of
"slowlaris" attack scenarios.

I'm trying to group parameters more sensibly, since we sort them
by name, calling them all timeout_*, pool_* etc, makes some sense I hope.