kdc: fix compliance with RFC 8062 Section 4.1

RFC 8062 states that if the client in the AS request is anonymous, the
anonymous KDC option must be set in the request; otherwise, KDC_ERR_BADOPTION
must be returned. We were previously returning KDC_ERR_C_PRINCIPAL_UNKNOWN.
Luke Howard
2019-05-01 16:32:44 +10:00
committed by Jeffrey Altman
parent 1bc2eb33f9
commit 2f013b0d48


@@ -1763,7 +1763,7 @@ _kdc_as_rep(kdc_request_t r,
if (_kdc_is_anonymous(context, r->client_princ)) {
if (!_kdc_is_anon_request(b)) {
kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
ret = KRB5KDC_ERR_BADOPTION;
goto out;
}
} else if (_kdc_is_anon_request(b)) {
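Review bot: The new `ret = KRB5KDC_ERR_BADOPTION;` assignment has no comment tying it to the RFC, so a later reader could mistake it for the wrong code and change it back; I would add `/* RFC 8062 Section 4.1: anonymous client without the anonymous KDC option must get KDC_ERR_BADOPTION */` above it. The `kdc_log` call just before it records neither the requesting client nor the error returned, which makes this rejection hard to correlate in KDC logs; if a client name string is available on `r` at this point (not visible in the hunk), including it in the message would help. No test change is visible on this page, so a regression test that sends an AS request for the anonymous principal without the anonymous option and asserts the returned error code would be worth adding. `_kdc_as_rep` starts and ends outside the hunk.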