allow_weak_enctypes=false and AFS

ghudson@mit.edu ghudson at mit.edu
Tue Jan 19 13:58:58 EST 2010


Debian developers have an interest in making their OpenAFS packages
work with krb5 1.8 out of the box, and auto-editing krb5.conf is not
the most satisfactory solution.  For more background, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564753

We are currently planning to add an API which aklog can use to
override the value of allow_weak_crypto, which might look like:

krb5_error_code krb5_allow_weak_crypto(krb5_context ctx, krb5_boolean enable);

This is different from Heimdal's krb5_enctype_enable(), but turns out
to be the easiest change we could make.  (Heimdal uses a rather
different architecture for enabling and disabling enctypes than we
do.)

We also appear to generate a confusing error message in the KDC log
when a client performs a TGS request without including any enctypes
present in the principal.  I'll fix that assuming it doesn't prove to
be too difficult.


