[CVE-2026-3039] sec: usr: Fix GSS-API resource leak

Fixed a memory leak where each GSS-API TKEY negotiation leaked a
security context inside the GSS library. An unauthenticated attacker
could exhaust server memory by sending repeated TKEY queries to a
server with tkey-gssapi-keytab configured. The leaked memory was
allocated by the GSS library, bypassing BIND's memory accounting.

Multi-round GSS-API negotiation (GSS_S_CONTINUE_NEEDED) is now
rejected, as BIND never supported it correctly and Kerberos/SPNEGO
completes in a single round.

Closes: https://gitlab.isc.org/isc-projects/bind9/-/issues/5752
Merge branch '5752-fix-memory-leak-in-TKEY-negotiation' into 'security-main'

See merge request isc-private/bind9!965