[krbdev.mit.edu #7951] Add libkdb5 APIs for kadm5 principal tl-data

Greg Hudson via RT rt-comment at krbdev.mit.edu
Sun Jun 29 14:38:30 EDT 2014


The kadm5 system was originally written outside of the krb5 tree.  Under 
the assumption that policy names and password history would only be used 
by the kadmin system, they were packaged together into KRB5_TL_KADM_DATA 
tl-data using xdr marshalling code which lives in libkadm5srv.  To the 
rest of the tree, it's all opaque.

Over time the architecture has changed, and it is no longer true that 
the kadm5 tl-data is only of interest to the kadmin system.  Since it 
was introduced in 1.6, the LDAP KDB module has needed to unmarshal the 
kadm5 data in order to normalize it into specific fields.  It currently 
does so by duplicating the marshalling code.  The FreeIPA KDB module 
also needs to do this; as it has no access to libkadm5srv private 
functions, it presumably duplicates the marshalling code as well.

Also, since 1.8, both in-tree KDB modules need to access the policy name 
in order to do lockout enforcement.  (Over time, this policy lookup will 
probably migrate to the KDC code, but right now it's done in the 
modules.)  This is currently done by using the private functions from 
libkadm5srv.

We should move the marshalling code into libkdb5 and add APIs similar to 
krb5_dbe_update_last_pwd_change for accessing it.
