Add minimum SSF setting
    
    This adds a new configuration setting to the cn=config entry named
    nsslapd-minssf. This can be set to a non-negative integer representing
    the minimum key strength required to process operations. The default
    setting will be 0.
    
    The SSF for a particular connection will be determined by the key
    strength cipher used to protect the connection. If the SSF used for a
    connection does not meet the minimum requirement, the operation will be
    rejected with an error code of LDAP_UNWILLING_TO_PERFORM (53) along
    with a message stating that the minimum SSF was not met. Notable
    exceptions to this are operations that attempt to protect a connection.
    These operations are:
    
        * SASL BIND
        * startTLS
    
    These operations will be allowed to occur on a connection with a SSF
    less than the minimum. If the results of these operations end up with
    a SSF smaller than the minimum, they will be rejected.  Additionally,
    we allow UNBIND and ABANDON operations to go through.
    
    I also corrected a few issues with the anonymous access switch code
    that I noticed while testing.  We need to allow the startTLS extended
    operation to go through when sent by an anonymous user since it is
    common to send startTLS prior to a BIND to protect the credentials.
    I also noticed that we were using the authtype from the operation
    struct to determine is a user was anonymous when we really should
    have been using the DN.  This was causing anonymous operations to
    get through on SSL/TLS connections.