add_sigs was using the wrong time in kasp mode
`add_sigs` in lib/dns/zone.c and lib/dns/update.c with kasp was using `inception` as a proxy for `now`.
This resulted in RRSIGs not being generated for new keys. It could also result in the wrong keys being used.
I was fixing the `nsec3-to-nsec` test in `autosign` to actually convert from NSEC3 to NSEC and noted that the change was not signed when it should have been as the zone was signed in the setup phase.
14-Dec-2023 18:07:01.331 del nsec3-to-nsec.example. 300 IN SOA mname1. . 2009102722 20 20 1814400 3600
14-Dec-2023 18:07:01.331 del nsec3-to-nsec.example. 0 IN NSEC3PARAM 1 0 0 BEEF
14-Dec-2023 18:07:01.331 add nsec3-to-nsec.example. 300 IN SOA mname1. . 2009102723 20 20 1814400 3600
14-Dec-2023 18:07:01.331 add nsec3-to-nsec.example. 0 IN TYPE65534 \# 8 000140000002BEEF
There are other issues that need to be addressed with this, but let's clear this one first.
Edited by Mark Andrews