pam_ksu: Fix crash when no ticket is present

When building with MIT Kerberos, pam_ksu crashes if the user doesn't
have a ticket because default_principal is never populated in
get_su_principal().

Change the compatibility function to use krb5_build_principal_alloc_va
instead, and make its interface compatible with the equivalent Heimdal
function.

Despite what the comment says, we do free the default principal later
in get_su_principal() so this shouldn't cause any leaks.

Reviewed by: des, philip, cy, jhb
Differential Revision: https://reviews.freebsd.org/D51829