check GSS-API negotiated anti-replay and mutual auth services

RFC 3645 about GSS-TSIG requires in 3.1.1 page 7 that:

The values of replay_det_state and mutual_state indicate if the security package provides replay detection and mutual authentication, respectively. If returned major_status is GSS_S_COMPLETE AND one or both of these values are FALSE, the client MUST abandon this algorithm.

This ticket will add this sanity check to the GSS-API init() method.