[krbdev.mit.edu #6814] Improve kdb5_util load locking and recovery

[Greg Hudson via RT]

If a kdb5_util load (without -update) operation aborts, it leaves behind 
a partially constructed temporary DB.  Future load operations will fail 
with "kdb5_util load: File exists.", after krb5_db2_create() gets a 
successful result from check_openable().

We want kdb5_util load to discard remnant temporary DBs from failed load 
operations, but we want to make sure that two load operations don't 
happen concurrently.  The current locking is inadequate for this; the 
temporary DB is locked after it is created and unlocked before it is 
promoted.

To fix this, we need atomic DAL operations for create-and-lock-temp-DB 
and for promote-and-unlock-temp-DB.  Since temporary DB operations are 
the sole property of kdb5_util load, we do not need new interfaces; we 
can modify the contracts of the existing interfaces (krb5_db_create with 
the "temporary" db_arg, and krb5_db_promote).

Only the DB2 back end supports non-update kdb5_util loads, so the scope 
of code modifications should be limited to kadmin/db_util/load.c, 
plugins/kdb/db2/kdb_db2.c, and include/kdb.h (comments only).