Change the way we handle encrypted buffers
    
    The previous change has backwards incompatible behavior that may also
    lead to buffer overruns.
    
    Because we have no easy way to indicate a format change and to maintain
    backwards compatibility for the ciphers that were working (those that
    added padding were hopelessly borken anyway) introduce code to simply
    add padding that we can recognize and remove when we read back the token.
    
    On ciphers that do not add padding this is basically a no op and the
    tokens will be identical to the ones we previously emitted.
    
    On ciphers that add padding we pad the plaintext so that we hit a block
    boundary and cause no extra padding to be added by krb5_c_encrypt
    itself. On decryption we check if padding bytes are appended to the
    buffer and remove them.
    
    Signed-off-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Robbie Harwood <rharwood@redhat.com>
    Merges: #246