Add tests for the "tkey-gssapi-credential" option

Add tests for the "tkey-gssapi-credential" option

Four named instances in the "nsupdate" system test have GSS-TSIG support
enabled.  All of them currently use "tkey-gssapi-keytab".  Configure two
of them with "tkey-gssapi-credential" to test that option.

As "tkey-gssapi-keytab" and "tkey-gssapi-credential" both provide the
same functionality, no test modifications are required.  The difference
between the two options is that the value of "tkey-gssapi-keytab" is an
explicit path to the keytab file to acquire credentials from, while the
value of "tkey-gssapi-credential" is the name of the principal whose
credentials should be used; those credentials are looked up in the
keytab file expected by the Kerberos library, i.e. /etc/krb5.keytab by
default.  The path to the default keytab file can be overridden using by
setting the KRB5_KTNAME environment variable.  Utilize that variable to
use existing keytab files with the "tkey-gssapi-credential" option.

The KRB5_KTNAME environment variable should not interfere with the
"tkey-gssapi-keytab" option.  Nevertheless, rename one of the keytab
files used with "tkey-gssapi-keytab" to something else than the contents
of the KRB5_KTNAME environment variable in order to make sure that both
"tkey-gssapi-keytab" and "tkey-gssapi-credential" are actually tested.

(cherry picked from commit 1746d2e84acee77ec88bf3f61eaa8f11cc1039a5)