Remove dynamic update DNSSEC management
In Porto we discussed DNSSEC multi-signer models. One of the issues is that DNSSEC-related dynamic updates trigger key management operations, because in the multi-signer model we have to deal with DNSKEY records that are not under our control. Therefore, trying to activate them leads to bug corner cases and inappropriate log messages.
We decided those are no longer needed because DNSSEC management needs to be done via dnssec-policy. Thus when adding or removing a DNSKEY via dynamic update, we do still change the publication, but we no longer walk through the set of keys to mark them active or inactive.
Also deprecate the feature of NSEC3 re-chaining triggered by dynamic update.
Edited by Matthijs Mekking