krb5: Improve cccol sub naming; add gss_store_cred_into2()

- Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?

kcm/glue.c

@@ -44,15 +44,27 @@ RCSID("$Id$");
 #define KCMCACHE(X)	((kcm_ccache)(X)->data.data)
 #define CACHENAME(X)	(KCMCACHE(X)->name)
 
-static const char *
+static krb5_error_code
 kcmss_get_name(krb5_context context,
-	       krb5_ccache id)
+	       krb5_ccache id,
+               const char **name,
+               const char **col,
+               const char **sub)
 {
-    return CACHENAME(id);
+    if (name)
+        *name = CACHENAME(id);
+    if (col)
+        *col = NULL;
+    if (name)
+        *sub = CACHENAME(id);
+    return 0;
 }
 
 static krb5_error_code
-kcmss_resolve(krb5_context context, krb5_ccache *id, const char *res)
+kcmss_resolve(krb5_context context,
+              krb5_ccache *id,
+              const char *res,
+              const char *sub)
 {
     return KRB5_FCC_INTERNAL;
 }