Fix SPNEGO output parameter bugs

When accepting, do not leak a name if the underlying mech reports a
src_name twice.  Record mech_type and delegated_cred_handle and report
them to the caller at the final SPNEGO step, not when the underlying
mech reports them.

When initiating or accepting, report ret_flags at every step, and
filter out PROT_READY as required by RFC 4178 section 3.1.  Report a
time_rec value at the final step even if we didn't call into the
underlying mech, using a call to gss_context_time() if necessary.

In the mechglue, initialize ret_flags and time_rec for both
gss_initialize_sec_context() and gss_accept_sec_context().

https://github.com/krb5/krb5/commit/24b844714dea3e47b17511746b5df5b6ddf13d43
Author: Greg Hudson <ghudson@mit.edu>
Commit: 24b844714dea3e47b17511746b5df5b6ddf13d43
Branch: master
 src/lib/gssapi/mechglue/g_accept_sec_context.c |    6 ++
 src/lib/gssapi/mechglue/g_init_sec_context.c   |    6 ++
 src/lib/gssapi/spnego/gssapiP_spnego.h         |    1 +
 src/lib/gssapi/spnego/spnego_mech.c            |   85 +++++++++++++-----------
 4 files changed, 60 insertions(+), 38 deletions(-)