do not use trusted forest name to construct domain admin principal
When `trust-add` is supplied AD domain admin name without realm component, the
code appends the uppercased AD forest root domain name to construct the full
principal. This can cause authentication error, however, when external trust
with non-root domain is requested.
We should instead use the supplied DNS domain name (if valid) as a realm
component.
https://fedorahosted.org/freeipa/ticket/6277
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>