AD: Use ad_domain to match forest root domain, not the configured domain from sssd.conf
If the sssd.conf domain name was different from the joined domain name,
but sssd was joined to the forest root, the AD subdomains code considered
sssd joined to a non-root domain and tried to discover the forest root.
This could be reproduced by joining sssd to a domain, for example
win.trust.test but calling the sssd.conf domain otherwise, for example:
[domain/addomain]
ad_domain = win.trust.test
This is/was a frequent use-case in the RHEL world, where authconfig
often names the sssd.conf domain 'default'.
Without the patch, the trusted domains were not detected.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>