ipaserver.plugins.service: add service-add-smb to set up an SMB service
    
    SMB service has a number of predefined properties that must be set at a
    creation time. Thus, we provide a special command that handles all the
    needed changes. In addition, since SMB principal name is predefined, it
    is generated automatically based on the machine hostname.
    
    Since we generate the service's object primary key, its argument/option
    should be removed from the list of the command's arguments and options.
    We also remove those options that make no sense in the context of SMB
    service.
    
    Most controversial would probably be a lack of the authentication
    indicator that could be associated with the service.  However, this is
    intended: SMB service on the domain member is used by both humans and
    other SMB services in the domain. Thus, it is not possible to require a
    specific authentication indicator to be present: automated acquisition
    of the credentials by a domain controller or other domain member machine
    accounts is based on a single factor creds and cannot be changed.
    
    Access to SMB service should be regulated on the SMB protocol level,
    with access controls in share ACLs.
    
    Fixes: https://pagure.io/freeipa/issue/3999
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>