Improve and extend "auto-dnssec" tests
Just testing whether an NSEC3 record exists with the DNSKEY bit set in its type bitmap is arguably not a solid enough test for how named processes a signed zone with "auto-dnssec maintain;" set and extra keys available. Rather than querying a resolver for a record at the apex of such a zone, get the whole zone from an authoritative server and run it through dnssec-verify to improve the comprehensiveness of the test. Add similar tests for signed zones which have extra keys using a different algorithm available. Prevent zone file duplication by making all relevant tests use the same source file, "auto-nsec.example.db.in".