DES phase-out and 1.8

[Sam Hartman]

I'd actually be happier simply setting allow_weak_enctypes to false by
default than decoupling the defaults for default_tkt_enctypes and
default_tgs_enctypes.

I think it will be easier to tell people who run into trouble to set
allow_weak_enctypes to true than to explain to them about
default_*_enctypes.

Also, people who share config files between 1.8 and older releases are
likely to end up with configurations that list explicit enctypes rather
than using the new 1.8 syntax.  Older than 1.7 releases will simply
ignore allow_weak_enctypes.

I'm specifically thinking that for Debian and Ubuntu, I would find it
easier to handle allow_weak_enctypes with debconf than to allow adding
+des to default_tkt_enctypes for 1.8 and beyond but not for 1.7 or
earlier.

However a lot of my thoughts are colored by really bad experience with
default_* from the bad old days.  This is not a strong objection by any
means.  I definitely want to see some motion on getting rid of des.