gssapi: credential store extensions (#451)

Implement the GSS-API credential store API extensions defined by MIT here:

https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions

Note: we kill off gss_acquire_cred_ext() here. This was never a public API,
although mechanisms could have implemented it and I briefly used it in my
BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place
in the dispatch table where gss_acquire_cred_ext() used to, but this structure
was never visible outside Heimdal (i.e. it is only used by internal
mechanisms);

(Mechanisms that need to accept arbitrary key/value dictionaries from
applications should now implement gss_acquire_cred_from().)

lib/gssapi/krb5/gkrb5_err.et

@@ -17,6 +17,8 @@ error_code G_BAD_MSG_CTX, "Message context invalid"
 error_code G_WRONG_SIZE, "Buffer is the wrong size"
 error_code G_BAD_USAGE, "Credential usage type is unknown"
 error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
+error_code G_UNKNOWN_CRED_STORE_ELEMENT, "Credential store contained unknown elements"
+error_code G_BAD_PASSWORD_CRED_STORE, "Credential store cannot contain both a password and a credentials cache or client keytab"
 
 index 128