[PATCH v6] GSSAPI encryption support

Hello friends,

Here's yet another version of GSSAPI encryption support. It's also
available for viewing on my github:

https://github.com/frozencemetery/postgres/tree/feature/gssencrypt6

Let me hit the highlights of this time around:

- Fallback code is back! It's almost unchanged from early versions of
this patchset. Corresponding doc changes for this and the next item
are of course included.

- Minor protocol change. I did not realize that connection parameters
were not read until after auth was complete, which means that in this
version I go back to sending the AUTH_REQ_OK in the clear. Though I
found this initially irritating since it required re-working the
should_crypto conditions, it ends up being a net positive since I can
trade a library call for a couple variables.

- Client buffer flush on completion of authentication. This should
prevent the issue with the client getting unexpected message type of
NUL due to encrypted data not getting decrypted. I continue to be
unable to replicate this issue, but since the codepath triggers in the
"no data buffered case" all the math is sound. (Famous last words I'm
sure.)

- Code motion is its own patch. This was requested and hopefully
clarifies what's going on.

- Some GSSAPI authentication fixes have been applied. I've been staring
at this code too long now and writing this made me feel better. If it
should be a separate change that's fine and easy to do.

Thanks!