
feat:support windows AD in Kerberos authentication scenarios #6719

@LiuZheng-Z

Description


Issue with the default Kerberos support: #6445

HDFS connections with Kerberos authentication are created with either of:
krbClient := client.NewWithKeytab(username, realm, kt, cfg)
krbClient, err := client.NewFromCCache(ccache, cfg)

newHDFS → getKerberosClient() → krb.NewWithKeytab(username, realm, kt, cfg)
  → AS Exchange (requests a TGT from the AD KDC)
  → KDC did not respond appropriately to FAST negotiation
  → AS_REP is not valid or client password/keytab incorrect

However, this failure occurs with the KDC when using Windows AD. The error log is:
SASL handshake: [Root cause: KRBMessage_Handling_Error] KRBMessage_Handling_Error: AS Exchange Error: AS_REP is not valid or client password/keytab incorrect < KRBMessage_Handling_Error: KDC did not respond appropriately to FAST negotiation

Behavior Comparison Under MIT KDC

| Scenario | Without DisablePAFXFAST | With DisablePAFXFAST(true) |
|---|---|---|
| MIT KDC does not support FAST | Client sends PA-FX-FAST → KDC ignores or rejects → Authentication fails (the initial error scenario) | Client does not send PA-FX-FAST → Goes directly to standard AS Exchange → Authentication succeeds |
| MIT KDC supports FAST (1.11+) | Uses FAST channel with encrypted pre-authentication data | Skips FAST, uses standard AS Exchange → Authentication succeeds, but loses the extra security protection of FAST |
| Windows AD | Negotiation fails (root cause of this error) | Skips FAST negotiation → Authentication succeeds |

The solution is:
krbClient := client.NewWithKeytab(username, realm, kt, cfg, client.DisablePAFXFAST(true))
krbClient, err := client.NewFromCCache(ccache, cfg, client.DisablePAFXFAST(true))
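The fix above turns FAST off unconditionally, which the comparison table notes also drops FAST's protection on KDCs that support it. An alternative a practitioner may prefer is to attempt the FAST-armoured exchange first and retry with DisablePAFXFAST(true) only when the error chain shows the KDC failed the FAST negotiation itself. The program below is an added example, not code from this PR or from the project: it runs offline against a fake KDC that simulates the three rows of the table, and the `LoginFunc` abstraction is an assumption standing in for a real call such as `client.NewWithKeytab(username, realm, kt, cfg, client.DisablePAFXFAST(disable))` followed by `Login()`. The sample error text is the log line quoted above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SampleADError is a constructed sample: the log line quoted in the PR description.
const SampleADError = "SASL handshake: [Root cause: KRBMessage_Handling_Error] KRBMessage_Handling_Error: AS Exchange Error: AS_REP is not valid or client password/keytab incorrect < KRBMessage_Handling_Error: KDC did not respond appropriately to FAST negotiation"

// fastNegotiationMarker is the gokrb5 message the PR identifies as the Windows AD symptom.
const fastNegotiationMarker = "KDC did not respond appropriately to FAST negotiation"

// IsFASTNegotiationError reports whether err's chained text carries the FAST
// negotiation failure. The root-cause prefix alone reads like a bad keytab, so
// the whole " < "-joined chain is inspected rather than only its head.
func IsFASTNegotiationError(err error) bool {
	return err != nil && strings.Contains(err.Error(), fastNegotiationMarker)
}

// LoginFunc is a hypothetical abstraction over one AS exchange attempt; the
// argument is the value you would pass to client.DisablePAFXFAST. Real code
// would wrap something like:
//
//	c := client.NewWithKeytab(username, realm, kt, cfg, client.DisablePAFXFAST(disable))
//	return c.Login()
type LoginFunc func(disableFAST bool) error

// LoginWithFASTFallback attempts a FAST-armoured AS exchange first and retries
// with PA-FX-FAST disabled only when the KDC failed the FAST negotiation
// itself. Any other failure (wrong keytab, unknown principal) is returned as
// is, so a credential problem never silently downgrades the exchange.
// usedFAST reports which mode finally succeeded.
func LoginWithFASTFallback(login LoginFunc) (usedFAST bool, err error) {
	if err = login(false); err == nil {
		return true, nil
	}
	if !IsFASTNegotiationError(err) {
		return false, err
	}
	if err = login(true); err != nil {
		return false, fmt.Errorf("AS exchange without FAST also failed: %w", err)
	}
	return false, nil
}

// fakeKDC simulates the three KDC rows of the comparison table so the fallback
// can be exercised offline; it is a stand-in, not a Kerberos implementation.
type fakeKDC struct {
	kind     string // "windows-ad", "mit-nofast" or "mit-fast"
	keytabOK bool
}

// Login returns the bad-keytab error when credentials are wrong, the FAST
// negotiation error when a non-FAST KDC receives PA-FX-FAST, and nil otherwise.
func (k fakeKDC) Login(disableFAST bool) error {
	if !k.keytabOK {
		return errors.New("KRBMessage_Handling_Error: AS Exchange Error: AS_REP is not valid or client password/keytab incorrect")
	}
	if !disableFAST && (k.kind == "windows-ad" || k.kind == "mit-nofast") {
		return errors.New(SampleADError)
	}
	return nil
}

func main() {
	for _, k := range []fakeKDC{
		{"windows-ad", true}, {"mit-nofast", true}, {"mit-fast", true}, {"windows-ad", false},
	} {
		usedFAST, err := LoginWithFASTFallback(k.Login)
		fmt.Printf("%-11s keytabOK=%-5v usedFAST=%-5v err=%v\n", k.kind, k.keytabOK, usedFAST, err)
	}
}
```

The fallback keeps FAST on an MIT KDC that supports it and only steps down on the specific negotiation failure. The caveat is that anyone who can make the first attempt fail with that message can push the client onto the unarmoured exchange; with keytab-derived keys that is a small loss, but for password-derived credentials an explicit configuration switch is the safer design.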
