2 New configuration options are made available:
- filter_flags
- enforce_flags

Any GSS Flags listed in the filter_flags option is forcibly filtered
out before a gss_init_sec_context() call is invoked.
Any GSS Flags listed in the enforce_flags option is forcibly added
to the list of flags requested by a gss_init_sec_context() call is
invoked.

Flags can be either literals or numeric and must be preceded by the
sign + (to add to the list) or - (to remove from the list).

Resolves: https://fedorahosted.org/gss-proxy/ticket/109

Properly support continuations, including returning the rigth error code
and exporting partial contexts.

Fixes multistep authentications in particular for the initialization case
which always uses continuations.

Resolves: https://fedorahosted.org/gss-proxy/ticket/108

In some cases a name may not be provided, still try to perform
impersonation if the service is configured that way.

If the remote client tries to initialize the context without first
acquiring credentials, try to acquire appropriate credentials if
the service allows it.

We need to pass the real mechanism oid here, not the spcial oid.
special oids are used exclusively by the interposer and gssapi
machinery that calls the interposer, they must never be propagated
to clients or servers.

In some cases we need to pass on the corresponding real oid, after we
are given a special oid.
Add helper functions to do that.

These arguments have been accidentally forgotten causing failures for
applications that specify non default flags and non indefinite lifetime.

Take a copy here, the option string is const and strtok_r() is not a safe
function as it may change the string it manipulates.