krb5 address checks and loopback connections

[Sam Hartman]

Well, the obvious reason not to implement this is the anti-spoofing
concerns you have already discussed.  On Linux there is spoof
protection, but many other OSes do not have this protection.

We could also get around this problem in the tests by changing the
default to issue addressless tickets.  We are going to make that
change for clarifications and certainly for extensions, so we might as
well make that soon.