Allow users to pass keytabs to CLI tooling

In scripting tooling, it's inconvenient to require an explicit `kinit` before running tooling against a secure cluster. It'd be nice if a user could instead pass the keytab as an argument to tools.

This would also allow us to use an in-memory credentials cache as we do in the server, so we wouldn't "leak" credentials to the system-wide file-based credentials cache.