
Fix handling of FILE ccache removed creds

Open jaltman opened this issue 8 months ago • 0 comments

For compatibility with MIT both endtime and authtime must be modified in order for the cred to be ignored when iterating the ccache contents.

Heimdal fcc_next_cred() must ignore removed credentials when iterating and not pass them back to the application. Returning a cred with endtime < authtime violates the spirit of RFC4120 which requires that a KDC not return a cred with an endtime < the starttime or authtime.

jaltman, Jun 17 '24 16:06
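
A sketch of the iteration behaviour the issue asks for, as an added example that is not Heimdal or MIT code: a removed entry is marked by overwriting both time fields, and the iterator skips marked entries instead of returning them. `struct demo_cred`, the `demo_*` functions and the marker values (endtime 0, authtime -1) are assumptions made for illustration.

```c
#include <stddef.h>
#include <time.h>

/* Simplified stand-in for a ccache entry; not Heimdal's krb5_creds. */
struct demo_cred { const char *server; time_t authtime, endtime; };

/* Assumed removal marker for this example: both fields are overwritten. */
#define DEMO_REMOVED_ENDTIME  ((time_t)0)
#define DEMO_REMOVED_AUTHTIME ((time_t)-1)

/* Overwrite the entry in place with the removal marker. */
void demo_remove_cred(struct demo_cred *c)
{
    c->endtime = DEMO_REMOVED_ENDTIME;
    c->authtime = DEMO_REMOVED_AUTHTIME;
}

/* A reader ignores an entry only when both fields carry the marker. */
int demo_is_removed(const struct demo_cred *c)
{
    return c->endtime == DEMO_REMOVED_ENDTIME &&
           c->authtime == DEMO_REMOVED_AUTHTIME;
}

/* Return the next live entry at or after *cursor, or NULL at the end.
 * Removed entries are skipped and never handed back to the caller. */
const struct demo_cred *demo_next_cred(const struct demo_cred *cache,
                                       size_t n, size_t *cursor)
{
    while (*cursor < n) {
        const struct demo_cred *c = &cache[(*cursor)++];
        if (!demo_is_removed(c))
            return c;
    }
    return NULL;
}

/* Count the entries an application would see when iterating. */
size_t demo_count_visible(const struct demo_cred *cache, size_t n)
{
    size_t cursor = 0, seen = 0;
    while (demo_next_cred(cache, n, &cursor) != NULL)
        seen++;
    return seen;
}
```

An entry whose endtime alone is zeroed does not match the marker in this sketch, so a reader that checks both fields still returns it.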