Explcitly state that "public" allows responses with Authentication to…

… be stored

In httpwg#161, the suggestion was made to explicitly note when a directive
allows the response to be cached, even with Authorization being used.

According to section `caching.authenticated.responses`, `public` also
has this effect, so I added a note there.

Additionally, in `cache-response-directive.s-maxage`, I tried to
make it clearer that `s-maxage` overrides Authorization as well,
due to the implication of proxy-revalidate and thus must-revalidate.

draft-ietf-httpbis-cache-latest.xml

@@ -1596,6 +1596,11 @@
    due to their status codes not being defined as heuristically cacheable; see
    <xref target="heuristic.freshness"/>.)
 </t>
+<t>
+   The "public" directive also has the effect of allowing a stored
+   response to be used to satisfy a request with an Authorization header
+   field; see <xref target="caching.authenticated.responses"/>.
+</t>
 </section>
 
 <section title="private" anchor="cache-response-directive.private">
@@ -1679,11 +1684,11 @@
    The "s-maxage" response directive indicates that, in shared caches, the
    maximum age specified by this directive overrides the maximum age
    specified by either the max-age directive or the <x:ref>Expires</x:ref>
-   header field. The s-maxage directive also implies the semantics of the
-   proxy-revalidate response directive.
+   header field.
 </t>
 <t>
-   The s-maxage directive also has the effect of allowing a stored
+   The "s-maxage" directive also implies the semantics of the
+   "proxy-revalidate" directive. Consequently, it allows a stored
    response to be used to satisfy a request with an Authorization header
    field; see <xref target="caching.authenticated.responses"/>.
 </t>