Fix up usage of krb_server_keyfile GUC parameter.

secure_open_gssapi() installed the krb_server_keyfile setting as
KRB5_KTNAME unconditionally, so long as it's not empty.  However,
pg_GSS_recvauth() only installed it if KRB5_KTNAME wasn't set already,
leading to a troubling inconsistency: in theory, clients could see
different sets of server principal names depending on whether they
use GSSAPI encryption.  Always using krb_server_keyfile seems like
the right thing, so make both places do that.  Also fix up
secure_open_gssapi()'s lack of a check for setenv() failure ---
it's unlikely, surely, but security-critical actions are no place
to be sloppy.

Also improve the associated documentation.

This patch does nothing about secure_open_gssapi()'s use of setenv(),
and indeed causes pg_GSS_recvauth() to use it too.  That's nominally
against project portability rules, but since this code is only built
with --with-gssapi, I do not feel a need to do something about this
in the back branches.  A fix will be forthcoming for HEAD though.

Back-patch to v12 where GSSAPI encryption was introduced.  The
dubious behavior in pg_GSS_recvauth() goes back further, but it
didn't have anything to be inconsistent with, so let it be.

Discussion: https://postgr.es/m/2187460.1609263156@sss.pgh.pa.us

src/backend/libpq/be-secure-gssapi.c

@@ -525,8 +525,16 @@ secure_open_gssapi(Port *port)
 	 * Use the configured keytab, if there is one.  Unfortunately, Heimdal
 	 * doesn't support the cred store extensions, so use the env var.
 	 */
-	if (pg_krb_server_keyfile != NULL && strlen(pg_krb_server_keyfile) > 0)
-		setenv("KRB5_KTNAME", pg_krb_server_keyfile, 1);
+	if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
+	{
+		if (setenv("KRB5_KTNAME", pg_krb_server_keyfile, 1) != 0)
+		{
+			/* The only likely failure cause is OOM, so use that errcode */
+			ereport(FATAL,
+					(errcode(ERRCODE_OUT_OF_MEMORY),
+					 errmsg("could not set environment: %m")));
+		}
+	}
 
 	while (true)
 	{