More GSS-TSIG DNS update checks and TKEY exchange checks
New TKEY exchange unit tests of #2092 (closed) show that the TKEY exchange code should protect against two misuses before calling the GSS-API library:
- use the same key twice (proposal: check the GSS-API context)
- call doExchange twice (proposal: introduce an initial state)
The GSS-TSIG configured server should fall back to non-secure DNS update if the TKEY is not available (missing UT):
- checking fallback (if no GSS-TKEY is available, the DNS update should fall through with no security)
Edited by Razvan Becheriu
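
The two proposed guards and the fallback rule, sketched as an added example that is not the project's code: `GssContextStub`, `TKeyStub`, `ExchangeStub`, `refused` and `updateIsSigned` are hypothetical names, and the GSS-API negotiation is replaced by a boolean placeholder.

```cpp
#include <stdexcept>
#include <string>

// Stand-in for a GSS-API security context (real code holds a gss_ctx_id_t).
struct GssContextStub { bool created = false; bool established = false; };

// Hypothetical GSS-TSIG key: owns exactly one security context.
struct TKeyStub { std::string name; GssContextStub ctx; };

class ExchangeStub {
public:
    enum State { INITIAL, STARTED, SUCCESS, FAILURE };
    explicit ExchangeStub(TKeyStub& key) : key_(key) {}

    // Both misuse checks run before anything would reach the GSS-API library.
    void doExchange(bool server_accepts) {
        if (state_ != INITIAL)
            throw std::logic_error("doExchange called twice");
        if (key_.ctx.created)
            throw std::logic_error("key already used by another exchange");
        state_ = STARTED;
        key_.ctx.created = true;               // context now belongs to this exchange
        key_.ctx.established = server_accepts; // placeholder for the negotiation
        state_ = server_accepts ? SUCCESS : FAILURE;
    }
    State state() const { return state_; }
private:
    TKeyStub& key_;
    State state_ = INITIAL;
};

// True when doExchange is refused by one of the guards above.
bool refused(ExchangeStub& ex) {
    try { ex.doExchange(true); } catch (const std::logic_error&) { return true; }
    return false;
}

// Fallback rule from the issue: no usable key means the update goes unsigned.
bool updateIsSigned(const TKeyStub* key) {
    return key != nullptr && key->ctx.established;
}
```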