Stop mentioning srvtabs; also update security recommendations

Stop mentioning srvtabs; also update security recommendations

jmorzins says on -c help that accounts will no longer give out srvtabs,
so we no longer need to mention them.

Also address that you should remove the old, insecure key instead of
merely generating a new one and keeping both, and that you should create
empty .k5login files for local users.