rdpear: handle basic NTLM commands and fix server-side

This patch adds the handling of basic NTLM commands. Because there are some mysterious
4 zero bytes after the pickle header in Kerberos packets, not present in NTLM commands, the
patch also had to rework the packet parsing / forging a bit.

The patch also addresses a server-side bug when parsing supplemental creds: if the client
was sending an empty list, we were considering this as an error.

And finally we also implement the parsing of MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL.
This breaks the public API; anyway, this was basically unused (as it was not parsed before) and
the previous API was wrong, as what we receive is MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL,
not MSV1_0_SUPPLEMENTAL_CREDENTIAL, so I guess the API breakage is ok.
David Fort
2025-12-04 09:56:17 +01:00
parent c411b13370
commit 65bb6c59fc
8 changed files with 219 additions and 45 deletions


@@ -56,8 +56,18 @@ extern "C"
typedef BOOL (*psPeerHasMoreToRead)(freerdp_peer* peer);
typedef BOOL (*psPeerClose)(freerdp_peer* peer);
typedef void (*psPeerDisconnect)(freerdp_peer* peer);
/** callback called when we receive remote credential guard credentials during NLA
* @param peer the associated freerdp_peer
* @param logonCreds the KERB_TICKET_LOGON containing the TGT and the host service ticket
* @param suppCreds some MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL containing NTLM hashes
* @return if the treatment was successful
* @bug before 3.19.0 suppCreds were a pointer to MSV1_0_SUPPLEMENTAL_CREDENTIAL, not
* MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL as now
*/
typedef BOOL (*psPeerRemoteCredentials)(freerdp_peer* peer, KERB_TICKET_LOGON* logonCreds,
MSV1_0_SUPPLEMENTAL_CREDENTIAL* suppCreds);
MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL* suppCreds);
typedef BOOL (*psPeerCapabilities)(freerdp_peer* peer);
typedef BOOL (*psPeerPostConnect)(freerdp_peer* peer);
typedef BOOL (*psPeerActivate)(freerdp_peer* peer);
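
Review bot: The new doc comment on psPeerRemoteCredentials does not say what suppCreds is when the client sends an empty supplemental credential list, which the commit message says is no longer treated as an error. Please state whether the callback then receives NULL or a structure with zero entries, and who owns logonCreds and suppCreds after the callback returns, since implementers will be handling a TGT and NTLM hashes through these pointers. Two smaller points in the same comment: `@bug` marks a defect, while the text describes a signature change, so `@since 3.19.0` or `@note` would fit better; and `@return if the treatment was successful` should read as the BOOL contract, for example "TRUE on success, FALSE otherwise".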