Use AI_NUMERICSERV if block_dns, and use local getaddrinfo to audit.

This change has two parts:

1. Provide our own local implementation of numeric-only getaddrinfo in auditdns.c used to audit for DNS leaks, rather than deferring to dlsym(RTLD_NEXT, "getaddrinfo"), in terms of inet_pton. To keep review and implementation simple, this is limited to AI_NUMERICHOST _and_ AI_NUMERICSERV -- this requires that we arrange to pass AI_NUMERICSERV in callers too.

2. Wherever we implement block_dns, set AI_NUMERICSERV in addition to AI_NUMERICHOST as needed by the new auditdns.c getaddrinfo. (In principle this might also avoid other network leaks -- POSIX guarantees no name resolution service will be invoked, and gives NIS+ as an example.)

One tiny semantic change to avoid tripping over the auditor: kadmin(8) now uses the string "749" rather than the string "kerberos-adm". (Currently we don't audit kadmin(8) for DNS leaks but let's avoid leaving a rake to step on.) Every other caller I found is already guaranteed to pass a numeric service rather than named service to getaddrinfo.

fix https://github.com/heimdal/heimdal/issues/1212
committed by Nico Williams
parent 1d8f4347bb
commit e75e549252
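The numeric-only getaddrinfo() the commit message describes, as an added example that is not Heimdal's auditdns.c: it accepts a call only when both AI_NUMERICHOST and AI_NUMERICSERV are set, parses the host with inet_pton() and the service with strtoul(), and counts any other call as a potential resolver leak, so a named service such as "kerberos-adm" is rejected while "749" is accepted. The function names (audit_getaddrinfo, audit_resolve_port, audit_leak_count), the leak counter and the EAI_FAIL return on a flagged call are this example's own choices; how the project reacts to a flagged call is not shown on this page.

```c
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical audit counter: calls that could have reached a resolver. */
static int dns_leaks = 0;
int audit_leak_count(void) { return dns_leaks; }

/* "749" -> 749; "kerberos-adm" -> EAI_NONAME. No services(5) lookup allowed. */
static int numeric_service(const char *service, unsigned short *port)
{
    char *end; unsigned long v;
    if (service == NULL || *service == '\0') { *port = 0; return 0; }
    v = strtoul(service, &end, 10);     /* overflow yields ULONG_MAX, caught below */
    if (*end != '\0' || v > 65535)
        return EAI_NONAME;
    *port = (unsigned short)v;
    return 0;
}

/* Numeric-only getaddrinfo() with the libc signature: refuses any call lacking
 * AI_NUMERICHOST or AI_NUMERICSERV, otherwise parses the host with inet_pton(),
 * so no name resolution service (DNS, NIS+, ...) can ever be invoked. */
int audit_getaddrinfo(const char *node, const char *service,
                      const struct addrinfo *hints, struct addrinfo **res)
{
    int flags = hints ? hints->ai_flags : 0;
    int family = hints ? hints->ai_family : AF_UNSPEC;
    union { struct sockaddr_in v4; struct sockaddr_in6 v6; } sa;
    struct addrinfo *ai;
    unsigned short port;
    socklen_t len;

    *res = NULL;
    if ((flags & (AI_NUMERICHOST | AI_NUMERICSERV)) !=
        (AI_NUMERICHOST | AI_NUMERICSERV)) {
        dns_leaks++;            /* the libc version might have looked up a name */
        return EAI_FAIL;
    }
    if (numeric_service(service, &port) != 0)
        return EAI_NONAME;

    memset(&sa, 0, sizeof(sa));
    if (node == NULL) {         /* POSIX: wildcard if AI_PASSIVE, else loopback */
        if (family == AF_INET6)
            sa.v6.sin6_addr = (flags & AI_PASSIVE) ? in6addr_any : in6addr_loopback;
        else
            sa.v4.sin_addr.s_addr = htonl((flags & AI_PASSIVE) ? INADDR_ANY : INADDR_LOOPBACK);
        family = (family == AF_INET6) ? AF_INET6 : AF_INET;
    } else if (family != AF_INET6 && inet_pton(AF_INET, node, &sa.v4.sin_addr) == 1) {
        family = AF_INET;
    } else if (family != AF_INET && inet_pton(AF_INET6, node, &sa.v6.sin6_addr) == 1) {
        family = AF_INET6;
    } else {
        return EAI_NONAME;      /* a host name, or wrong family: never resolved */
    }
    if (family == AF_INET) {
        sa.v4.sin_family = AF_INET;   sa.v4.sin_port = htons(port);
        len = sizeof(sa.v4);
    } else {
        sa.v6.sin6_family = AF_INET6; sa.v6.sin6_port = htons(port);
        len = sizeof(sa.v6);
    }
    /* One allocation holds the addrinfo and its sockaddr, so free(ai) releases both. */
    ai = calloc(1, sizeof(*ai) + len);
    if (ai == NULL) return EAI_MEMORY;
    ai->ai_family = family;
    ai->ai_socktype = hints ? hints->ai_socktype : 0;
    ai->ai_protocol = hints ? hints->ai_protocol : 0;
    ai->ai_addrlen = len;
    ai->ai_addr = (struct sockaddr *)(ai + 1);
    memcpy(ai->ai_addr, &sa, len);
    *res = ai;
    return 0;
}

/* Convenience wrapper: port of the result, or -1 on any failure. The result is
 * not libc-allocated, so it is released with free(), not freeaddrinfo(). */
int audit_resolve_port(const char *node, const char *service, int flags)
{
    struct addrinfo hints, *res;
    int port;
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = flags;
    hints.ai_socktype = SOCK_STREAM;
    if (audit_getaddrinfo(node, service, &hints, &res) != 0)
        return -1;
    port = (res->ai_family == AF_INET)
        ? ntohs(((struct sockaddr_in *)res->ai_addr)->sin_port)
        : ntohs(((struct sockaddr_in6 *)res->ai_addr)->sin6_port);
    free(res);
    return port;
}
```

With this in place of the libc symbol, a caller that still passes "kerberos-adm" fails with EAI_NONAME rather than consulting services(5), and a caller that forgets AI_NUMERICSERV is counted as a leak even though its host string was numeric, which is exactly the case the second part of the change fixes in each block_dns site.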
@@ -65,7 +65,11 @@ add_kadm_port(krb5_context contextp, const char *service, unsigned int port)
static void
add_standard_ports (krb5_context contextp)
{
add_kadm_port(contextp, "kerberos-adm", 749);
if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
NULL))
add_kadm_port(contextp, "749", 749);
else
add_kadm_port(contextp, "kerberos-adm", 749);
}

/*
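Review bot: the new condition calls krb5_config_get_bool(context, ...) while the function's own parameter, visible in the unchanged context line `add_standard_ports (krb5_context contextp)`, is contextp. If no file-scope `context` exists this does not compile; if one does, the config lookup and the two add_kadm_port calls in the same function consult different contexts. Use `if (krb5_config_get_bool(contextp, NULL, "libdefaults", "block_dns", NULL))` so the block_dns lookup uses the context the caller passed in. Minor: the string "749" and the numeric 749 beside it must stay in step, so a one-line comment saying the string form exists only to satisfy the numeric-service-only getaddrinfo under block_dns would help the next reader.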