s3:ntlm_auth: support clients which offer a spnego mechs we don't support (bug #7855)

s3:ntlm_auth: support clients which offer a spnego mechs we don't support (bug #7855)

Before we rejected the authentication if we don't support the
first spnego mech the client offered.

We now negotiate the first mech we support.

This fix works arround problems, when a client
sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid,
which we don't support.

metze
(cherry picked from commit f802075f08fe0d86f3d176f2302236aeb5834f3d)
Modified to work in the v3-5-test branch, e.g. use ntlmssp_end()

The last 9 patches address bug #7855 (ntlm_auth only handles the first spnego
mech).
(cherry picked from commit ab69b55011eea73d7c8827fc339feb905474f201)