How do we want to deal with scans that failed auth_method detection?

[claudijd]

Options...

1.) Investigate further why the auth_method detection isn't working or why the client is erroring
2.) Return a partial result, but fail on compliance for the auth_method part
3.) In cases where we can't determine compliance, maybe we give them a pass on auth_method detection

Cases I think of that could cause this would be services that expect client-side certs or have some sort of MFA requirement, but pokeinthe.io is a good repro target to work with.