The dns::TSIGKey constructor that was being by d2:TSIGKeyINfo expects an
ordinary string value for secret and then encodes it to base64. Since
TSIGKeyInfo configuration value for secret is already expected to be base64
encoded this was causing it to be encoded again resulting in verification
errors when tested against Bind9.

Changed TSIGKeyInfo::remake to use the appropriate TSIGKey constructor.