Update docs with durations, built-in dnssec-policy
Clarify in the ARM that TTL-style options can also now take ISO 8601 durations. Mention the built-in dnssec policies "default" and "none". Mention that "none" is the default. Add a file documenting the default dnssec-policy configuration options. Fix dnssec-policy syntax in ARM (dnssec-policy.grammar.xml).