trusts: format Kerberos principal properly when fetching trust topology
For bidirectional trust if we have AD administrator credentials, we
should be using them with Kerberos authentication. If we don't have
AD administrator credentials, we should be using
HTTP/ipa.master@IPA.REALM credentials. This means we should ask
formatting 'creds' object in Kerberos style.
For one-way trust we'll be fetching trust topology as TDO object,
authenticating with pre-created Kerberos credentials cache, so in all
cases we do use Kerberos authentication to talk to Active Directory
domain controllers over cross-forest trust link.
Part of trust refactoring series.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1250190
Fixes: https://fedorahosted.org/freeipa/ticket/5182
Reviewed-By: Tomas Babej <tbabej@redhat.com>