ipa-kdb: refactor principal lookup to support S4U2Self correctly
    
    Restructure logic of ipadb_get_principal() to separate retrieval of a
    principal by a name and by an alias. Separate enterprise principal name
    type processing into a helper function to be able to reuse it for own
    aliases.
    
    Unify code in client referrals part to do the same and use krb5 API to
    deal with principals rather than parsing strings. The end result is the
    same but we follow common rules in MIT Kerberos to process principals.
    
    An enterprise principal is typically "name@SOMEREALM@REALM", but any
    principal might be parsed as enterprise principal, so we could get
    "name@REALM" marked as such. When unparsing the enterprise principal,
    re-parse it again with default realm values, to get our realm
    normalization.
    
    This behavior would fix situations when GSSAPI calls are operating on a
    non-qualified principal name that was imported as a
    GSS_KRB5_NT_ENTERPRISE_NAME when calling gss_import_name().
    
    Related: https://pagure.io/freeipa/issue/8319
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Signed-off-by: Isaac Boukris <iboukris@redhat.com>
    Reviewed-By: Isaac Boukris <iboukris@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>