kdc: Call _kdc_fast_check_armor_pac() prior to calling _kdc_check_pac()

kdc: Call _kdc_fast_check_armor_pac() prior to calling _kdc_check_pac()

The plugin code invoked by _kdc_check_pac() may need to access
explicit_armor_client and explicit_armor_pac, but those fields are not
set until after calling _kdc_fast_check_armor_pac(). Hence we must do
that first.

We also now call _kdc_fast_check_armor_pac() regardless of whether the
ticket was issued by the KDC or whether the server principal is the
krbtgt.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>