Title: #5450: kcm: add support for kerberos tgt renewals
Ah, I missed the last patch: `KCM: Disable responder idle timeout
with renewals`. So it will work correclty. But I wonder if it would be better to keep the
idle timeout enabled. What we could do is to make systemd timer send a SSSD-specific KCM
op code periodically and renew the tickets per-request. This would also simplify the logic
by a lot since you would not have to keep the hash table and timers.
I'm fine with this approach, but if the systemd timer file is installed conditionally
at build time(if KCM renewals are built), then what interval value, i.e. amount of time
that KCM wakes up to attempt renewals, should we set in the systemd timer file? Currently
the renew interval is defined with the `krb5_renew_interval` option in sssd.conf. I
suppose the other side effect is that falllback to `auth_provider=krb5` renew config
options would no longer work.
See the full comment at https://github.com/SSSD/sssd/pull/5450#issuecomment-799506171