cert-request: simplify request processing
    
    Currently the cert-request execution is complicated and cannot
    handle aliases in the --principal argument.
    
    Implement the following simplifications:
    
    - Search all user/host/service accounts at once, by krbPrincipalName
      (error if no account found).  Use principal canonical name to
      determine the type of the principal.
    
    - Update subject principals userCertificate attribute uniformly,
      instead of dispatching to user/host/service-mod based on type of
      principal.
    
    Fixes: https://fedorahosted.org/freeipa/ticket/6531
    Reviewed-By: Felipe Volpone <felipevolpone@gmail.com>