WPS: Add a workaround for TKIP/CCMP mixed mode credentials

WPS: Add a workaround for TKIP/CCMP mixed mode credentials

Many deployed APs do not handle negotiation of security parameters well
when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most
common end result seems to be ending up with the least secure option..

As a workaround, check whether the AP advertises WPA2/CCMP in Beacon
frames and add those options for the credential if needed. This allows
the client to select the most secure configuration regardless of how
broken the AP's WPS implementation is as far as auth/encr type
negotiation is concerned.