kdc: support for GSS-API pre-authentication

Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.

More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.

lib/gssapi/version-script.map

@@ -43,6 +43,7 @@ HEIMDAL_GSS_2.0 {
 		gss_export_name;
 		gss_export_name_composite;
 		gss_export_sec_context;
+		gss_get_instance;
 		gss_get_mic;
 		gss_get_neg_mechs;
 		gss_get_name_attribute;
@@ -116,6 +117,7 @@ HEIMDAL_GSS_2.0 {
 		gsskrb5_set_send_to_kdc;
 		gsskrb5_set_time_offset;
 		krb5_gss_register_acceptor_identity;
+		krb5_gss_set_init_creds;
 		gss_display_mech_attr;
 		gss_inquire_attrs_for_mech;
 		gss_indicate_mechs_by_attrs;
@@ -133,6 +135,13 @@ HEIMDAL_GSS_2.0 {
 		_gsskrb5cfx_wrap_length_cfx;
 		_gssapi_wrap_size_cfx;
 
+		_krb5_gss_data_to_buffer;
+		_krb5_gss_buffer_to_data;
+		_krb5_gss_map_error;
+		_krb5_gss_pa_parse_name;
+		_krb5_gss_pa_unparse_name;
+		_krb5_gss_pa_derive_key;
+
 		__gss_krb5_copy_ccache_x_oid_desc;
 		__gss_krb5_get_tkt_flags_x_oid_desc;
 		__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;