Improve handling of inline signed zones with missing signing keys
RT #35502 points out that `named` treats inline signed zones with no associated signing keys in a somewhat confusing way. It boils down to two issues:

- Bumped signed serial is logged even when an error occurs while updating signatures later on. To reproduce the problem, configure a zone like this:

  ```
  zone "foo." { type master; file "foo.db"; inline-signing yes; auto-dnssec maintain; };
  ```

  Do not create any signing keys, prepare zone file `foo.db` with serial number 1, start `named`. Then update `foo.db` by setting the serial number to 2 and run `rndc reload foo`. Something like this will be logged:

  ```
  16-Mar-2018 23:33:46.839 zone foo/IN (unsigned): loaded serial 2
  16-Mar-2018 23:33:46.839 zone foo/IN (signed): serial 2 (unsigned 2)
  16-Mar-2018 23:33:46.840 zone foo/IN (signed): could not get zone keys for secure dynamic update
  16-Mar-2018 23:33:46.840 zone foo/IN (signed): receive_secure_serial: not found
  ```

  However, `named` will still be serving version 1 of the zone.

- While configuring an inline signed zone without any signing keys results in an unsigned version of the zone being served, any subsequent updates to the raw zone are not reflected in the secure zone. While not creating signing keys for a zone explicitly designated to be signed may be considered a self-foot-shoot, it would arguably be a more user-friendly approach to keep applying raw zone changes to the secure zone as long as it is safe to do so, i.e. until signing keys become available (at which point applying raw zone changes without the accompanying signature changes would break existing signatures).
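Until the logging is fixed, an operator watching `named` logs cannot take the `(signed): serial N` line at face value. The following log check, added here as an illustration and not part of this change or of BIND, flags zones where a bumped signed serial was logged but a key-lookup or `receive_secure_serial` failure followed it; the log format and sample lines are the ones quoted above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# named log lines as quoted in the report, e.g.
# "16-Mar-2018 23:33:46.839 zone foo/IN (signed): serial 2 (unsigned 2)"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) zone (?P<zone>\S+?)/IN \((?P<view>signed|unsigned)\): (?P<msg>.*)$"
)
SERIAL_RE = re.compile(r"^serial (?P<serial>\d+) \(unsigned (?P<raw>\d+)\)$")
# Messages that mean the secure zone did NOT actually advance.
FAILURE_MARKERS = (
    "could not get zone keys for secure dynamic update",
    "receive_secure_serial: not found",
)

@dataclass
class ZoneState:
    logged_serial: Optional[int] = None          # serial named claims for the signed view
    failures: List[str] = field(default_factory=list)  # errors logged after that claim

def analyse(log_text: str) -> Dict[str, ZoneState]:
    """Track, per zone, the last claimed signed serial and any failures after it."""
    zones: Dict[str, ZoneState] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["view"] != "signed":
            continue                      # only the signed view matters here
        state = zones.setdefault(m["zone"], ZoneState())
        s = SERIAL_RE.match(m["msg"])
        if s:
            state.logged_serial = int(s["serial"])
            state.failures = []           # a new serial claim starts a new window
        elif m["msg"].startswith(FAILURE_MARKERS):
            state.failures.append(m["msg"])
    return zones

def misleading_serial_bumps(log_text: str) -> Dict[str, int]:
    """Zones whose logged signed serial is not backed by a successful update."""
    return {zone: st.logged_serial for zone, st in analyse(log_text).items()
            if st.logged_serial is not None and st.failures}

# Constructed sample: the four lines quoted in the report above.
SAMPLE_LOG = """\
16-Mar-2018 23:33:46.839 zone foo/IN (unsigned): loaded serial 2
16-Mar-2018 23:33:46.839 zone foo/IN (signed): serial 2 (unsigned 2)
16-Mar-2018 23:33:46.840 zone foo/IN (signed): could not get zone keys for secure dynamic update
16-Mar-2018 23:33:46.840 zone foo/IN (signed): receive_secure_serial: not found
"""

if __name__ == "__main__":
    for zone, serial in misleading_serial_bumps(SAMPLE_LOG).items():
        print(f"{zone}: logged signed serial {serial}, but the update failed")
```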