Use tkey-gssapi-keytab in named.conf

Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential
and tkey-domain and replace them with tkey-gssapi-keytab which avoids
unnecessary Kerberos checks on BIND startup and can cause issues when
KDC is not available.

Both new and current IPA installations are updated.

https://fedorahosted.org/freeipa/ticket/3429

install/share/bind.named.conf.template

@@ -14,8 +14,7 @@ options {
 	// Any host is permitted to issue recursive queries
 	allow-recursion { any; };
 
-	tkey-gssapi-credential "DNS/$FQDN";
-	tkey-domain "$REALM";
+	tkey-gssapi-keytab "/etc/named.keytab";
 };
 
 /* If you want to enable debugging, eg. using the 'rndc trace' command,