AD: Use ad_domain to match forest root domain, not the configured domain from sssd.conf
    
    If the sssd.conf domain name was different from the joined domain name,
    but sssd was joined to the forest root, the AD subdomains code considered
    sssd joined to a non-root domain and tried to discover the forest root.
    
    This could be reproduced by joining sssd to a domain, for example
    win.trust.test but calling the sssd.conf domain otherwise, for example:
    [domain/addomain]
    ad_domain = win.trust.test
    
    This is/was a frequent use-case in the RHEL world, where authconfig
    often names the sssd.conf domain 'default'.
    
    Without the patch, the trusted domains were not detected.
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>