Following the report on #1536, we use coprocess.Object metadata field for our custom authentication mechanism, using implementations like this one:

	object.Session = &coprocess.SessionState{
		Rate: 1000.0,
		Per:  1.0,
	}
	object.Metadata = map[string]string{
		"token":   validKey,
		"metakey": "metavalue",
	}

	return object, nil

This works fine for custom authentication or the ID extractor mechanism itself (to extract the key only) however the metadata is ignored when SessionManager.UpdateSession is called, this patch fixes this.
Additionally, it makes sure that an encoded session object includes metadata values (the encoded session object is used by post and post-key auth hooks).
The reason why we used coprocess.Object.Metadata instead of interacting with the session metadata field directly is that the native structure (not the Protobuf-generated one) uses interface{} which was trickier to use with Protobuf in the past (see here). For a better support we might modify the coprocess.Session.Metadata field to use the Protobuf.Any type.
This patch doesn't break the compatibility with existing custom authentication implementations but adds missing data useful for a few scenarios.