[krbdev.mit.edu #7721] master_kdc is resolved sooner than necessary

Greg Hudson via RT rt-comment at krbdev.mit.edu
Wed Oct 16 11:07:52 EDT 2013


When krb5_sendto_kdc gets a response, successful or not, it immediately 
looks up the master_kdc value so it can set the value of *use_master.  If 
the response is a failure, the caller may use the returned value of 
*use_master to avoid resending to the master KDC if we happened to pick 
it the first time around.

But in some common cases, the returned value of *use_master is not used.  
It would be more efficient if we looked up the master KDC only after 
determining that the response is a failure that we want to fall back 
from.

Combined with #6782, this issue can cause a DNS lookup to be performed 
for every request, even ones with successful replies, for a realm which 
has krb5.conf configuration for "kdc" but not "master_kdc".


