
Updated --clientauth to use `mspki-certificate-application-policy` instead of `pKIExtendedKeyUsage`

Open funnybananas opened this issue 3 years ago • 0 comments

Replaced pKIExtendedKeyUsage with mspki-certificate-application-policy for --clientauth as it seems like the latter is what actually provides Domain authentication, and allows for the impersonation. Only adding Client Authentication to the pKIExtendedKeyUsage property ends up displaying an error when trying to Pass-The-Ticket with the resulting certificate:

KDC_ERR_INCONSISTENT_KEY_PURPOSE

Error goes away and successfully passes the ticket (and authenticates) when adding Client Authentication to the mspki-certificate-application-policy property.

funnybananas, Feb 18 '22 22:02
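
An added example, not part of the issue or of StandIn's code: a template audit that reports where the Client Authentication OID (1.3.6.1.5.5.7.3.2) appears, so a review that reads only `pKIExtendedKeyUsage` does not miss a change made in `mspki-certificate-application-policy`. The LDIF export, template names and function names are constructed for illustration.

```python
# Added audit example; the LDIF below is constructed, not a real directory export.
CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2"  # Client Authentication
EKU_ATTR = "pkiextendedkeyusage"
POLICY_ATTR = "mspki-certificate-application-policy"

SAMPLE_LDIF = """\
dn: CN=TemplateA,CN=Certificate Templates,DC=example,DC=test
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2
msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.1

dn: CN=TemplateB,CN=Certificate Templates,DC=example,DC=test
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1
msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.1
msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2

dn: CN=TemplateC,CN=Certificate Templates,DC=example,DC=test
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1
"""


def parse_ldif(text):
    """Return {template CN: {lower-cased attribute name: set of values}}."""
    records = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue  # skip comments and lines without "attr: value"
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, set()).add(value)  # multi-valued
        if dn:
            records[dn.split(",")[0].partition("=")[2]] = attrs
    return records


def audit_client_auth(text):
    """Classify each template by where the Client Authentication OID appears."""
    labels = {(True, True): "both", (True, False): "eku-only",
              (False, True): "policy-only", (False, False): "absent"}
    return {cn: labels[(CLIENT_AUTH_OID in a.get(EKU_ATTR, ()),
                        CLIENT_AUTH_OID in a.get(POLICY_ATTR, ()))]
            for cn, a in parse_ldif(text).items()}
```

In the issue's terms, `eku-only` is the state that produced `KDC_ERR_INCONSISTENT_KEY_PURPOSE`, and a template with the OID in `mspki-certificate-application-policy` is the state reported as authenticating.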