qp bug breaks DNSSEC NXDOMAIN responses for some names

Version: main branch Test: bin/tests/system/rootkeysentinel

This rootkeysentinel test fails repeatedly and needs investigation. It has failed 3/14 runs in the last two weeks.

Last failed run: https://gitlab.isc.org/isc-projects/bind9/-/jobs/4166955

The reason that this happens is because there is a qp bug that in some cases the wrong NSEC or NSEC3 is returned. The iterator is pointing at a node/name that is not the predecessor of the name that was being looked up.