ad: add ad_use_ldaps
With this new boolean option the AD provider should only use the LDAPS
port 636 and the Global Catalog port 3629 which is TLS protected as
well.
Related to https://pagure.io/SSSD/sssd/issue/4131
Reviewed-by: Pavel Březina <pbrezina@redhat.com>