
Commit c7954f0

Lin Liu authored and robhoes committed
XSI-2088: CA-422080: External auth cannot support large forest

The customer environment has the following two issues:
- The forest is very large
- They have very huge user SIDs

For the large forest, the joined domain trusts around 50 domains. For each domain, with `winbind scan trusted domains = yes`:
- xapi scans each trusted domain and enumerates all domain DCs routinely to decide the closest DC for ldap query
- winbind creates a subprocess for each trusted domain, and it also enumerates all DCs to decide the best DC and sync domain information

This takes a huge amount of resource and keeps the winbind main process too busy to handle user requests. However, the customer usually only uses 2-3 domains to manage XS, which means it is not necessary to scan all the trusted domains.

- `winbind scan trusted domains = no` is set to forbid domain scan. The side effect is that xapi no longer knows the trusted domain. Thus, xapi performs an ldap query to the DC of the trusted domain for the necessary information.
- The closest KDC was maintained to perform ldap query; that is removed as:
  * `wbinfo --getdcname` is called to get a KDC, and winbind already performs some basic check regarding the response time
  * The closest-KDC ldap query is performed during add user, which is NOT a frequent operation, so performance is not so critical
  * The update subject backend task can refresh subject information later

For the huge SID problem, winbind sets up a 1-1 map between SID and uid. Huge SID numbers exceed the configured uid limitation. To fix it:
- Extend the configured limitation
- rid -> autorid as the map backend; autorid is better and deterministic
- Clean the winbind cache during xapi start to support the update from rid, and we do want to refresh with xapi restart

Signed-off-by: Lin Liu <lin.liu01@citrix.com>
(cherry picked from commit e9123bd)
1 parent 9de38ef commit c7954f0

2 files changed: 179 additions & 270 deletions
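The two winbind changes the commit message describes (turning off trusted-domain scanning and moving the idmap backend from `rid` to `autorid` with a wider range) can be expressed as an smb.conf fragment. The fragment below is an added illustration written for this page; it is not the configuration shipped by the xapi project, the diff is not shown here, and every numeric range and the `rangesize` value are assumptions chosen only to make the before/after contrast concrete. The option names (`winbind scan trusted domains`, `idmap config * : backend`, `idmap config * : range`, `idmap config * : rangesize`) are standard Samba parameters.

```ini
[global]
   # Added example, not the project's own config. Values below are assumed.

   # BEFORE (commented out): every trusted domain in the forest is scanned,
   # so xapi and winbind enumerate DCs for ~50 domains even though only a
   # few are used. The rid backend maps SID RID -> uid 1:1 inside a single
   # fixed range, so a very large RID falls outside the range and the user
   # cannot be mapped.
   ; winbind scan trusted domains = yes
   ; idmap config * : backend = rid
   ; idmap config * : range = 1000000-2000000        ; assumed size

   # AFTER: stop enumerating all trusted domains. Side effect noted in the
   # commit message: winbind no longer learns the trusted domains on its
   # own, so lookups for a trusted domain go straight to that domain's DC.
   winbind scan trusted domains = no

   # autorid hands each domain one or more slices of `rangesize` uids out of
   # the overall range, so a RID larger than one slice is still mapped by
   # allocating a further slice instead of being rejected. The overall range
   # is widened so there is room for many domains and many slices.
   idmap config * : backend = autorid
   idmap config * : range = 1000000-1999999999      ; assumed bounds
   idmap config * : rangesize = 10000000            ; assumed slice size
```

Because `rid` and `autorid` assign different uids for the same SID, cached SID-to-uid entries from the old backend are stale after the switch; the commit message addresses this by clearing the winbind cache when xapi starts (Samba's `net cache flush` is the usual way to do that by hand). A defender checking such a change would also confirm, with `wbinfo --sid-to-uid` on a known large SID, that the mapping now succeeds and stays stable across winbind restarts.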
