[krbdev.mit.edu #7686] kdb5_util add_mkey should ensure master key activation times list exists

Greg Hudson via RT rt-comment at krbdev.mit.edu
Thu Aug 1 12:17:13 EDT 2013


The master key activation times list is a tl-data value on the K/M entry
containing {kvno, time} tuples, and determines which master key is
considered "active" for the purpose of encrypting new keys.

This list is currently written by the kdb5_util create, use_mkey, and 
purge_mkeys commands.  If a KDB was created before 1.7, the list will 
not exist in the K/M entry unless someone has run use_mkey.

In the absence of this list, we have some not-very-optimal fallbacks:

* kadmin/kadmin.local will synthesize a list which assumes that the most 
recent mkvno is active.

* kdb5_util list_mkeys will display the current time as the "active on" 
time for all master keys, and will assume that the most recent mkvno is 
active.

As a result, if you run "kdb5_util add_mkey" on an old KDB, the new 
master key becomes active immediately (although kadmind will not 
recognize this until it restarts; see #7685), before you have had a 
chance to propagate the new master key to slave KDCs.

kdb5_util add_mkey should ensure that the master key activation times 
list exists, so that we get consistent behavior with old and new KDBs.
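As an added illustration (not krb5's own code, and not the real tl-data encoding), the following model shows how the active master key is chosen from the {kvno, time} list, how the "most recent mkvno is active" fallback behaves when the list is absent, and why materializing the list before add_mkey keeps the old key active; all names (KMEntry, active_mkvno, ensure_actkvno) are hypothetical.

```python
# Added model of master key activation selection; not krb5's own code.
# The real list is tl-data on the K/M entry; this is a plain in-memory stand-in.
from dataclasses import dataclass
from typing import Optional

@dataclass
class KMEntry:
    """Constructed stand-in for the K/M principal entry (hypothetical)."""
    mkey_kvnos: list                   # master key versions present in the entry
    actkvno: Optional[list] = None     # [(kvno, activation_time), ...] or None

def active_mkvno(entry: KMEntry, now: int) -> int:
    """Active master key at time `now`.
    With the list: the tuple with the latest activation time that is <= now.
    Without it: the fallback the ticket describes, the most recent kvno."""
    if entry.actkvno is None:
        return max(entry.mkey_kvnos)
    eligible = [(t, kvno) for kvno, t in entry.actkvno if t <= now]
    if not eligible:
        # Nothing has activated yet; behave like an absent list.
        return max(entry.mkey_kvnos)
    return max(eligible)[1]

def ensure_actkvno(entry: KMEntry, now: int) -> None:
    """Materialize the list if missing, recording what the fallback already
    implies (most recent kvno active as of now) so it no longer shifts."""
    if entry.actkvno is None:
        entry.actkvno = [(max(entry.mkey_kvnos), now)]

def add_mkey(entry: KMEntry, new_kvno: int, now: int, ensure_list: bool) -> None:
    """Add a master key without activating it (activation is a separate
    use_mkey step). `ensure_list` toggles the behaviour the ticket asks for."""
    if ensure_list:
        ensure_actkvno(entry, now)
    entry.mkey_kvnos.append(new_kvno)

def demo(ensure_list: bool) -> int:
    """Pre-1.7 style KDB with no list; add mkvno 2 and report the active kvno."""
    km = KMEntry(mkey_kvnos=[1])
    add_mkey(km, 2, now=1000, ensure_list=ensure_list)
    return active_mkvno(km, now=1000)
```

Without the list the fallback promotes the newly added key immediately; with the list materialized first, mkvno 1 stays active until use_mkey records a later activation time.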


