Clean up akimpersonate and use for server-to-server

Clean up akimpersonate and use for server-to-server

Since a6d7cacfd, aklog has been able to print a krb5 ticket to
itself for an arbitrary client principal, allowing a user with
access to the cell's krb5 key to get tokens as an arbitrary user.

Now that it is possible to use native krb5 tickets with non-DES
enctypes for authentication, and akimpersonate is available from libauth,
use printed native krb5 tickets for server-to-server communication (as well
as the -localauth versions of the client utilities).

Before doing so, refactor the akimpersonate code to be more usable
and readable, and eliminate some dead code.  For example, we always printed
addressless tickets, so that code could be removed.  Other code had excessive
stack usage for a library routine, which is eliminated.  Use a start time
of 0 instead of 300 so that the printed ticket will always be
detected as infinite-lifetime.

In order to ensure usability on all platforms (in particular Solaris),
provide a couple more compat shims to implement routines which are not
always available from the krb5 library, in particular encode_krb5_ticket
and encode_krb5_enc_tkt_part.  Thanks to Andrew Deason for implementing
these compatibility routines.

UKERNEL doesn't need this stuff.

akimpersonate: Handle missing encode_krb5_ticket

If we don't have encode_krb5_ticket and encode_krb5_enc_tkt_part,
implement our own. Basically, transform the appropriate structure into
the Heimdal equivalent, and use our builtin Heimdal ASN.1 encoding
functions to do the actual encoding for us.