goakerberosidentity: Fix automatic reinitialization

Ray Strode requested to merge fix-auto-reinit-of-ccache into master

The identity service has the ability to automatically fetch a new TGT from the KDC when the existing one expires, provided the user keeps their Kerberos password in GNOME keyring.

Unfortunately, commit aca400799c225a84e5d0fc90efb206c8f1d48bc3 inadvertently broke this feature in some cases.

When deciding whether or not to make a new credentials cache for a principal the active one, it looks at various characteristics of the competing credentials to decide which cache is better.

For instance, if one credentials cache has a ticket that's valid and signed in, but the other credentials cache only has an expired ticket, then obviously the one that's valid and signed in gets picked to be active.

Likewise, if one is expiring in 10 minutes and one is expiring in 24 hours, the one that expires in 24 hours will be treated as better.

This comparison only makes sense, though, when looking at two different credentials caches. If we're updating a preexisting credentials cache, then we're actually just comparing up-to-date data with out-of-date data. In that case, we need to proceed even if the newer view of the credentials looks worse than the older view of those credentials. Unfortunately, the buggy commit neglected to account for that.

This commit fixes the problem by bailing if the active credentials cache isn't the same as the new identity's credentials cache. The code higher in the function already moves the identity over to the new credentials cache when it fares better anyway, so it's a good enough way to know when to return early.

For clarity, this commit also adds more verbose logging throughout the function.
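
A simplified C model of the decision described in this merge request, added here as an illustration and not taken from goakerberosidentity.c. The struct, the function names and the cache names are hypothetical; it contrasts dropping every worse-looking view with accepting a worse-looking view when it comes from the same credentials cache.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified view of an identity; not the project's types. */
struct identity {
    const char *ccache;   /* name of the credentials cache behind this view */
    bool        valid;    /* ticket is currently valid and signed in */
    long        expires;  /* ticket expiration time (seconds, constructed) */
};

/* >0 if a looks better than b, <0 if it looks worse, 0 if equal. */
static int compare_quality(const struct identity *a, const struct identity *b) {
    if (a->valid != b->valid)
        return a->valid ? 1 : -1;
    if (a->expires != b->expires)
        return a->expires > b->expires ? 1 : -1;
    return 0;
}

/* Broken behaviour: a worse-looking view is dropped even when it is newer
 * data about the very same cache, so the stale view is kept. */
static bool update_buggy(struct identity *self, const struct identity *fresh) {
    if (compare_quality(fresh, self) < 0)
        return false;
    *self = *fresh;
    return true;
}

/* Fixed behaviour: switch caches only when the other one is better, bail if
 * the caches still differ, otherwise always take the up-to-date data. */
static bool update_fixed(struct identity *self, const struct identity *fresh) {
    if (compare_quality(fresh, self) > 0)
        self->ccache = fresh->ccache;
    if (strcmp(self->ccache, fresh->ccache) != 0)
        return false;
    *self = *fresh;
    return true;
}

int main(void) {
    /* Constructed sample: the same cache seen before and after expiry. */
    struct identity before = { "KCM:1000:1", true, 1000 };
    struct identity after  = { "KCM:1000:1", false, 1000 };
    struct identity a = before, b = before;
    printf("buggy: refreshed=%d valid=%d\n", update_buggy(&a, &after), a.valid);
    printf("fixed: refreshed=%d valid=%d\n", update_fixed(&b, &after), b.valid);
    return 0;
}
```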
