s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token.

s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token.

This has to be done in every code path that creates
an NT token, as remote users may have been added to
the local /etc/group database. Tokens created merely
from the info3 structs (via the DC or via the krb5 PAC)
won't have these local groups.

This code needs to special-case the guest user, as
this token can have the token_sid[0] set to the Guest
SID, not the mapping of UNIX uid -> SID.

Other users that may have a well-known SID
set in token_sid[0] (like SYSTEM) are usually
not mappable to UNIX users and can be ignored
when adding local groups from /etc/group.

Combined back-port of fixes
6034ab521c47fc5f4732398652c9c6847ff92035 and
a9fa09723bee3588db2168ac13f7ad0334452c11 from
master.

https://bugzilla.samba.org/show_bug.cgi?id=10508

Signed-off-by: Jeremy Allison <jra@samba.org>