Allow disregarding system-wide auth-to-local mapping

Per a thread on the mailing list, some users have their krb5.conf set up in such a way that auth_to_local mapping doesn't apply correctly to Kudu service accounts. This doesn't cause problems for other Java-based Hadoop ecosystem services, because they don't respect the localauth plugins defined in krb5.conf but rather use their own auth_to_local mappings defined in the Hadoop configuration file.

Longer term we could support our own custom mappings, but a simple interim solution is just to allow using the 'simple' mapping of taking the first component of the principal as the short username.