git.ipfire.org Git - thirdparty/bind9.git/commit
Check GSS_C_REPLAY_FLAG in client-side ret_flags validation
author: Ondřej Surý <ondrej@sury.org>
Tue, 7 Apr 2026 13:58:31 +0000 (15:58 +0200)
committer: Michał Kępień <michal@isc.org>
Thu, 7 May 2026 11:32:15 +0000 (13:32 +0200)
commit: 2b0f5aeb8148fd70ea881798b82f2774c57e8901
tree: 75ce59083d91be41c5c85dd098f4818bcb448d04
parent: 45c93af5c0f9bcc2ff864f7f122fdfe5a2e9382c
Check GSS_C_REPLAY_FLAG in client-side ret_flags validation

RFC 3645 Section 3.1.1 mandates that the client MUST abandon the
algorithm if replay_det_state is FALSE after GSS_Init_sec_context
completes.  The previous commit checked MUTUAL and INTEG but missed
REPLAY, even though it was already requested in the input flags.

Add GSS_C_REPLAY_FLAG to the ret_flags bitmask check so all three
required properties (replay detection, mutual authentication, and
integrity) are verified.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
lib/dns/gssapictx.c
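The check the commit message describes, as an added example that is not BIND's code from lib/dns/gssapictx.c: the client compares the ret_flags returned by gss_init_sec_context() against the set of properties RFC 3645 section 3.1.1 requires, and the example contrasts the earlier MUTUAL+INTEG mask with the corrected MUTUAL+INTEG+REPLAY mask. The function and macro names (tkey_gss_*, TKEY_GSS_FLAGS_*) are assumptions, the GSS_C_*_FLAG values are the ones RFC 2744 assigns and are defined locally only so the file compiles without a GSS-API library, and the ret_flags inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Flag bits of the ret_flags output of gss_init_sec_context(), with the
 * values assigned in RFC 2744 section 5.19.  Defined here only so this
 * example builds stand-alone; real code includes <gssapi/gssapi.h>.
 */
typedef uint32_t OM_uint32;
#define GSS_C_DELEG_FLAG    1
#define GSS_C_MUTUAL_FLAG   2
#define GSS_C_REPLAY_FLAG   4
#define GSS_C_SEQUENCE_FLAG 8
#define GSS_C_CONF_FLAG     16
#define GSS_C_INTEG_FLAG    32

/* Mask the commit message says the previous check used (hypothetical name). */
#define TKEY_GSS_FLAGS_BEFORE (GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)
/* The three properties RFC 3645 section 3.1.1 requires the client to verify. */
#define TKEY_GSS_FLAGS_REQUIRED \
	(GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)

/*
 * Return the subset of 'required' that the established context did not
 * negotiate; zero means every required property is present.  This is the
 * same test as (ret_flags & required) == required, but keeping the missing
 * bits lets the caller log which property was lost.
 */
OM_uint32
tkey_gss_missing_flags(OM_uint32 ret_flags, OM_uint32 required) {
	return required & ~ret_flags;
}

/* Client-side decision once gss_init_sec_context() has returned GSS_S_COMPLETE. */
bool
tkey_gss_context_acceptable(OM_uint32 ret_flags) {
	return tkey_gss_missing_flags(ret_flags, TKEY_GSS_FLAGS_REQUIRED) == 0;
}

/* Render the missing required bits as a comma-separated list for a log line. */
int
tkey_gss_describe_missing(OM_uint32 missing, char *buf, size_t buflen) {
	static const struct { OM_uint32 bit; const char *name; } names[] = {
		{ GSS_C_REPLAY_FLAG, "replay-detection" },
		{ GSS_C_MUTUAL_FLAG, "mutual-authentication" },
		{ GSS_C_INTEG_FLAG, "integrity" },
	};
	int n = 0;
	size_t used = 0;
	buf[0] = '\0';
	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if ((missing & names[i].bit) == 0) {
			continue;
		}
		int w = snprintf(buf + used, buflen - used, "%s%s",
				 n ? "," : "", names[i].name);
		if (w < 0 || (size_t)w >= buflen - used) {
			break;
		}
		used += (size_t)w;
		n++;
	}
	return n;
}

int
main(void) {
	/* Constructed ret_flags values, as a mechanism might report them. */
	OM_uint32 good = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
			 GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG;
	OM_uint32 no_replay = GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG;
	char why[128];

	printf("all properties negotiated: %s\n",
	       tkey_gss_context_acceptable(good) ? "accept" : "abandon");
	printf("no replay detection, MUTUAL+INTEG check: %s\n",
	       tkey_gss_missing_flags(no_replay, TKEY_GSS_FLAGS_BEFORE) == 0
		       ? "accept" : "abandon");
	tkey_gss_describe_missing(
		tkey_gss_missing_flags(no_replay, TKEY_GSS_FLAGS_REQUIRED),
		why, sizeof(why));
	printf("no replay detection, MUTUAL+INTEG+REPLAY check: %s (missing: %s)\n",
	       tkey_gss_context_acceptable(no_replay) ? "accept" : "abandon", why);
	return 0;
}
```

The point of the contrast is that a context which negotiated mutual authentication and integrity but not replay detection satisfies the two-flag mask and is rejected only by the three-flag mask, which is exactly the gap the commit closes. Note that requesting GSS_C_REPLAY_FLAG in the req_flags input does not guarantee it in ret_flags; the mechanism may grant a subset, so the output must be checked.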