selftest: GetNCChanges can 'accept' a repeated bad request

selftest: GetNCChanges can 'accept' a repeated bad request

In theory, if we send the exact same rejected request again, we should
get the same response back from the DC. However, we don't - the request
is accepted if we send it a second time.

This patch updates the repl_rodc test to demonstrate the problem (which
now causes the test to fail).

Note that although the bad GetNCChanges request is not rejected outright,
the response that gets sent back is empty - it has no objects in it, so
it's not an actual security hole. It is annoying problem for writing
self-tests though.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>