Support kerberos

[stdweird]

Currently in case of regular HTTPS, the aii-shellfe.conf certificate options are used for LWP (profiles.xml) and CCM::Fetch.
We also need to be able to pass the kerberos options to CCM / LWP.

Currently kerberised CDB is not supported.

[jrha]

@stdweird are there other requirements driving this?
If not and it's just aspirational I'd rather it didn't have a milestone.

[stdweird]

If you run freeipa with aii and you fetch the profiles remotely, this needs fixing. We (at ugent) don't require it (our AII server is our quattor server, and has the profiles locally; and we fetch them with dir:// magic).
Feel free to remove the milestone. I have no time to work on this (currently working on openstack and pacemaker...)