HTTP Compliance: do not cache replies to requests with CC/no-store.

Per RFC 2616, do not store any part of response to requests with no-store
Cache-Control directive.

We may still serve no-store requests from the cache because RFC 2616 does not
seem to prohibit that. This may change if HTTPbis or developers decide to
prohibit no-store hits.

Co-Advisor test case:
    test_case/rfc2616/ccReqDirMsg-no-store-basic

=== modified file 'src/http.cc'
--- src/http.cc	2010-09-14 07:37:38 +0000
+++ src/http.cc	2010-09-22 15:56:41 +0000
@@ -354,40 +354,46 @@ HttpStateData::cacheableReply()
     const char *v;
 #if USE_HTTP_VIOLATIONS
 
     const refresh_t *R = NULL;
 
     /* This strange looking define first looks up the refresh pattern
      * and then checks if the specified flag is set. The main purpose
      * of this is to simplify the refresh pattern lookup and USE_HTTP_VIOLATIONS
      * condition
      */
 #define REFRESH_OVERRIDE(flag) \
     ((R = (R ? R : refreshLimits(entry->mem_obj->url))) , \
     (R && R->flags.flag))
 #else
 #define REFRESH_OVERRIDE(flag) 0
 #endif
 
     if (surrogateNoStore)
         return 0;
 
+    // RFC 2616: do not cache replies to responses with no-store CC directive
+    if (request && request->cache_control &&
+        EBIT_TEST(request->cache_control->mask, CC_NO_STORE) &&
+        !REFRESH_OVERRIDE(ignore_no_store))
+        return 0;
+
     if (!ignoreCacheControl) {
         if (EBIT_TEST(cc_mask, CC_PRIVATE)) {
             if (!REFRESH_OVERRIDE(ignore_private))
                 return 0;
         }
 
         if (EBIT_TEST(cc_mask, CC_NO_CACHE)) {
             if (!REFRESH_OVERRIDE(ignore_no_cache))
                 return 0;
         }
 
         if (EBIT_TEST(cc_mask, CC_NO_STORE)) {
             if (!REFRESH_OVERRIDE(ignore_no_store))
                 return 0;
         }
     }
 
     if (request->flags.auth || request->flags.auth_sent) {
         /*
          * Responses to requests with authorization may be cached