Add new kadmin/ktutil --keep* and --enctypes opts

- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.

lib/kadm5/randkey_s.c

@@ -103,6 +103,14 @@ kadm5_s_randkey_principal(void *server_handle,
 
     if (keepold) {
 	ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
+        if (ret == 0 && keepold == 1)
+            ret = hdb_prune_keys_kvno(context, &ent.entry, 0);
+	if (ret)
+	    goto out3;
+    } else {
+        /* Remove all key history */
+        ret = hdb_clear_extension(context, &ent.entry,
+                                  choice_HDB_extension_data_hist_keys);
 	if (ret)
 	    goto out3;
     }

lib/kadm5/version-script-client.map

@@ -45,6 +45,7 @@ HEIMDAL_KADM5_CLIENT_1.0 {
 		kadm5_init_with_skey_ctx;
 		kadm5_modify_principal;
 		kadm5_randkey_principal;
+		kadm5_randkey_principal_3;
 		kadm5_rename_principal;
 		kadm5_ret_key_data;
 		kadm5_ret_principal_ent;