The tests for going insecure should be changed to use the built-in
"insecure" policy.

The function that checks dnssec status output should again check
for the special case "none".