s4-kdc Rework supported encryption type logic to match Microsoft

s4-kdc Rework supported encryption type logic to match Microsoft

Thanks to Hongwei Sun for the clear description of the algorithim
involved.  Importantly, it isn't possible to remove encryption types
from the list, only to add them over the defaults (DES and
arcfour-hmac-md5, and additional AES for DCs and RODCs).

This changes the behaviour for entries with
msDS-supportedEncryptionTypes: 0, which Angelos Oikonomopoulos
reported finding set by ADUC when attempting to store cleartext
passwords.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 16 21:24:43 UTC 2010 on sn-devel-104