krb5_child: fix OTP authentication for PAM stacked tokens

The `tokeninfo_matches()` function already handles PAM stacked tokens
correctly by processing them through the 2FA single path, so the
`answer_otp()` function should allow this token type to proceed.

Add SSS_AUTHTOK_TYPE_PAM_STACKED to the allowed authentication token
types in `answer_otp()` to restore previous functionality.

Fixes: 4cb99a2 ("krb5_child: advertise authentication methods").
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit df15165)

Author: ikerexxe

src/providers/krb5/krb5_child.c

@@ -631,7 +631,8 @@ static krb5_error_code answer_otp(krb5_context ctx,
 
     type = sss_authtok_get_type(kr->pd->authtok);
     if (type != SSS_AUTHTOK_TYPE_2FA_SINGLE
-            && type != SSS_AUTHTOK_TYPE_2FA) {
+            && type != SSS_AUTHTOK_TYPE_2FA
+            && type != SSS_AUTHTOK_TYPE_PAM_STACKED) {
         DEBUG(SSSDBG_MINOR_FAILURE, "Unexpected authentication token type [%s]\n",
               sss_authtok_type_to_str(type));
         return ERR_CHECK_NEXT_AUTH_TYPE;