temporary: gsscon_passive_authenticate: acquire trustidentity creds.

temporary: gsscon_passive_authenticate: acquire trustidentity creds.

As discussin in LP: #1203159, the client always uses trustidentity as
a name.  We're running into problems because the server uses
GSS_C_NO_CREDENTIAL.  That means no service name is included in RADIUS
and unless there's proxy magic, then channel bindings fails.

For now, also acquire trustidentity credentials on the server.  This
still leaves the security issue discussed by that bug, but at least
the code works.