0be9888 adtrust: add default read_keys permission for TDO objects

Authored and Committed by abbra 2 years ago
    adtrust: add default read_keys permission for TDO objects
    
    If trusted domain object (TDO) is lacking ipaAllowedToPerform;read_keys
    attribute values, it cannot be used by SSSD to retrieve TDO keys and the
    whole communication with Active Directory domain controllers will not be
    possible.
    
    This seems to affect trusts which were created before
    ipaAllowedToPerform;read_keys permission granting was introduced
    (FreeIPA 4.2). Add back the default setting for the permissions which
    grants access to trust agents and trust admins.
    
    Resolves: https://pagure.io/freeipa/issue/8067
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>