Fix string_insert_hrefs() to handle URLs with user/password

This function inserts the hrefs in 2 steps: 1) URLs and 2) emails.

When the string contains URLs specifying a username and/or password,
e.g. http://user@example.com/ or http://user:password@example.com/
the 2nd call to pcre_replace() processes the part of it that matches the
email address specification, resulting in broken links and text display
as well as invalid HTML generation.

This commit fixes the behavior by adding logic to distinguish URLs with
password and actual emails addresses.

Backport of 1.3.x commit f460bbd253e228753360e72984c5ac878b4e553e
Uses create_function() for preg_replace_callback instead of an Anonymous
function, as they are not supported in PHP < 5.3.

Fixes 0012781