Clarify retiring-des based on user feedback

Explain why DES keys should be removed from principals, and clarify
that allow_weak_crypto overrides all other configuration.

(cherry picked from commit fa6de1bf73926751a2f68bff31ef020eb7db9260)

https://github.com/krb5/krb5/commit/8cd1922dc170e224a9cd04ab53eda7895c933563
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 8cd1922dc170e224a9cd04ab53eda7895c933563
Branch: krb5-1.11
 doc/admin/advanced/retiring-des.rst |   20 ++++++++++++++++++--
 1 files changed, 18 insertions(+), 2 deletions(-)