Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429.

All of these algorithms are explicitly marked SHOULD NOT in one of these
RFCs.

Specifically, RFC 6649 deprecates all algorithms using DES as well as
the "export-friendly" variant of RC4.  RFC 8429 deprecates Triple DES
and the remaining RC4 algorithms.

Reviewed by:	cem
MFC after:	1 month
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20343

sys/kgssapi/krb5/kcrypto_arcfour.c

@@ -46,8 +46,12 @@ __FBSDID("$FreeBSD$");
 static void
 arcfour_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 
 	ks->ks_priv = NULL;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "RC4 cipher for Kerberos GSS");
 }
 
 static void

sys/kgssapi/krb5/kcrypto_des.c

@@ -53,11 +53,15 @@ struct des1_state {
 static void
 des1_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 	struct des1_state *ds;
 
 	ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
 	mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
 	ks->ks_priv = ds;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "DES cipher for Kerberos GSS");
 }
 
 static void

sys/kgssapi/krb5/kcrypto_des3.c

@@ -54,11 +54,15 @@ struct des3_state {
 static void
 des3_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 	struct des3_state *ds;
 
 	ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO);
 	mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF);
 	ks->ks_priv = ds;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "DES3 cipher for Kerberos GSS");
 }
 
 static void