
Incorrect KDF salt type derived from principal name #417

@MichaelGrafnetter

Description

Describe the bug
The KDF generates an incorrect salt for the principal Administrator@Adatum.com:

Actual result: ADATUM.COMhostAdministrator.adatum.com
Expected result: ADATUM.COMAdministrator

To Reproduce

using System;
using Kerberos.NET.Crypto;
using Kerberos.NET.Entities;

var krbPrincipalName = PrincipalName.FromString(principal: "Administrator@Adatum.com", realm: "Adatum.com");
var principalName = PrincipalName.FromKrbPrincipalName(krbPrincipalName);
KerberosKey aes256sha1Key = new(password: "Password123", etype: EncryptionType.AES256_CTS_HMAC_SHA1_96, principal: principalName);
Console.WriteLine(aes256sha1Key.SaltFormat); // observed: ActiveDirectoryService, expected: ActiveDirectoryUser
Console.WriteLine(aes256sha1Key.Salt);       // observed: ADATUM.COMhostAdministrator.adatum.com, expected: ADATUM.COMAdministrator

(Also notice that PrincipalName.FromString() strangely returns KrbPrincipalName instead of PrincipalName, so an additional conversion is needed.)

Expected behavior

If KerberosKey.SaltFormat is not provided to the KerberosKey constructor by the caller, it should be derived from PrincipalName.Type. It is instead always SaltType.ActiveDirectoryService, even for PrincipalNameType.NT_PRINCIPAL, although it should be SaltType.ActiveDirectoryUser in this case.
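Worked example added by the editor; it is not part of the issue and not Kerberos.NET code. It shows, in Go with the standard library only, the salt rule the report describes (user accounts get UPPER(realm) + name, computer accounts get UPPER(realm) + "host" + lowercase hostname + "." + lowercase realm, per MS-KILE 3.1.1.2) and then runs the RFC 3962 AES string-to-key (PBKDF2-HMAC-SHA1 followed by DK with the "kerberos" constant), so the effect of choosing the wrong salt on the derived AES256-CTS-HMAC-SHA1-96 key is visible. The names ADSalt, StringToKeyAES and pbkdf2SHA1, and the rule that an NT-PRINCIPAL ending in "$" is treated as a computer account, are this example's own assumptions, not library API; the password and the 4096 iteration count in main are constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// Kerberos name types that matter for salt selection (RFC 4120 section 6.2).
type PrincipalType int

const (
	NTPrincipal PrincipalType = 1 // NT-PRINCIPAL: "Administrator", but also the machine account "DC01$"
	NTSrvHst    PrincipalType = 3 // NT-SRV-HST: "host/dc01.adatum.com"
)

// ADSalt returns the string-to-key salt Active Directory uses (MS-KILE 3.1.1.2):
// user account:     UPPER(realm) + samAccountName
// computer account: UPPER(realm) + "host" + lower(hostname) + "." + lower(realm)
// Assumption of this example: an NT-PRINCIPAL whose name ends in "$" is a computer account.
func ADSalt(t PrincipalType, components []string, realm string) (string, error) {
	if len(components) == 0 {
		return "", fmt.Errorf("empty principal name")
	}
	upper, lower := strings.ToUpper(realm), strings.ToLower(realm)
	switch t {
	case NTPrincipal:
		name := components[0]
		if !strings.HasSuffix(name, "$") {
			return upper + name, nil // the user case from the issue: ADATUM.COMAdministrator
		}
		return upper + "host" + strings.ToLower(strings.TrimSuffix(name, "$")) + "." + lower, nil
	case NTSrvHst:
		if len(components) != 2 || components[0] != "host" {
			return "", fmt.Errorf("no salt rule for service principal %q", strings.Join(components, "/"))
		}
		return upper + "host" + strings.ToLower(components[1]), nil // hostname is expected to be fully qualified
	}
	return "", fmt.Errorf("no salt rule for name type %d", t)
}

// pbkdf2SHA1 is PKCS#5 PBKDF2 with HMAC-SHA1 (RFC 2898), the PRF the Kerberos AES enctypes use.
func pbkdf2SHA1(password, salt []byte, iterations, keyLen int) []byte {
	var out []byte
	for i := 1; len(out) < keyLen; i++ {
		mac := hmac.New(sha1.New, password)
		mac.Write(salt)
		mac.Write(binary.BigEndian.AppendUint32(nil, uint32(i)))
		u := mac.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for c := 1; c < iterations; c++ { // U_2 .. U_c, xored into T_i
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// n-fold("kerberos", 128) from RFC 3961 Appendix A.1, the only fold AES string-to-key needs.
var nfoldKerberos128 = []byte{0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93}

// StringToKeyAES is RFC 3962 section 4: tkey = PBKDF2(password, salt); key = DK(tkey, "kerberos").
// keyLen is 16 for AES128-CTS-HMAC-SHA1-96 and 32 for AES256-CTS-HMAC-SHA1-96.
func StringToKeyAES(password, salt string, keyLen, iterations int) ([]byte, error) {
	tkey := pbkdf2SHA1([]byte(password), []byte(salt), iterations, keyLen)
	block, err := aes.NewCipher(tkey)
	if err != nil {
		return nil, err
	}
	// DR(tkey, "kerberos"): K1 = E(folded constant), K2 = E(K1), each one CBC block under a zero IV.
	key := make([]byte, 0, keyLen)
	in := nfoldKerberos128
	for len(key) < keyLen {
		out := make([]byte, aes.BlockSize)
		block.Encrypt(out, in)
		key = append(key, out...)
		in = out
	}
	return key[:keyLen], nil
}

func main() {
	good, _ := ADSalt(NTPrincipal, []string{"Administrator"}, "Adatum.com")
	wrong := "ADATUM.COMhostAdministrator.adatum.com" // the salt reported in the issue
	for _, salt := range []string{good, wrong} {     // unrelated keys: a client using the wrong one cannot pass pre-auth
		key, _ := StringToKeyAES("Password123", salt, 32, 4096) // 4096 is the RFC 3962 default iteration count
		fmt.Printf("salt %-40s -> AES256 key %s\n", salt, hex.EncodeToString(key))
	}
}
```

The DK step is written with `block.Encrypt` rather than a CBC encrypter because each DR input is exactly one AES block, so CBC with a zero IV and CTS degenerate to a plain block encryption; the RFC 3962 Appendix B vectors ("password", "ATHENA.MIT.EDUraeburn", iteration count 1) check both the PBKDF2 output and the final AES-128 and AES-256 keys.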
