Implement realm checks for Kerberos authentication
With this patch, we allow disabling accepting anonymous tickets at Koji, and
for admins to specify which realms are allowed to contact the system in the
case of a trust relationship.
These checks are ignored if a user is explicitly created with the particular
principal, since the checks only happen in the createUserFromKerberos call.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>