Well, "NO CAPABILITY for AUTHENTICATE LOGIN" is pretty clear. Your Cyrus server wouldn't happen to behind a proxy that fiddles with CAPABILITY output, would it?It's not really that clear - you get exactly the same error message with an incorrect password.
I think imapsync is being pretty clear that it's trying to log in as rg01 not authuser1
If I add --debugimap I see this in the output:
Error login : [mail.xxx.xxx] with user [rg01] auth [CRAM-MD5]: 2 NO authentication failure
My sasl_mech_list line includes PLAIN LOGIN CRAM-MD5 and DIGEST-MD5