Add the ability to specify that a server supports COOKIES.

We currently learn whether a server supports cookies or not as part of the lookup process. This leaves an exposure window where a spoofed UDP response without a cookie can be accepted. Fallback to TCP if the response does not have a valid TSIG or client cookie when require-cookie is true.

server <prefix> { require-cookie <bool>; };