deprecate auto-dnssec feature in favor of dnssec-policy
IMHO in v9.19 we should remove it altogether ASAP.
There is a question what to do with zones which use
auto-dnssec on upgrade. I think it would be wrong to just skip over the config statement and pretend it is not configured because it would be major break in user's expectation. I think in this case it should be hard error (from v9.19 onwards, of course.)