s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients

s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients

If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share_required]
  smb encrypt = required

[share_desired]
  smb encrypt = desired

must be to completely deny access to the share "share_required" and an
unencrypted connection to "share_desired".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 43a90cee46bb7a70f7973c4fc51eee7634e43145)