Do not allow DES encryption when using Kerberos
MIT Kerberos did remove support for DES. Without removing DES from the
default encryption types list we cannot proceed with Samba AD DC
creation.
Convert internal DES implementation to use GnuTLS instead.
(cherry picked from commit e9627e790b9bd71a810531902bc6ab055fbbc392)