improve uba_audit logging

• throws a <<<ubErrElsInvalidUserOrPwd>>> instead of <<<Access deny>>> in case of invalid user name or password during login
• uba_audit will contain a target username for LOGIN_FAILS action instead of empty string (retrieved from new property Session.pendingUserName)
• uba_audit SECURITY_VIOLATION will contain a target username even in case login is in pending state (before it was empty)