pam_oath: assign safe default to alwaysok config member
The way this was before allowed for the PAM authentication to
potentially succeed when the first goto done
line is hit. If the
undefined data behind alwaysok is non-zero (which is quite probable)
this would happen.
In theory a local attacker could try to exhaust memory just enough to hit this spot and get e.g. root access.