Merge trusted-key and managed-keys

This was discussed during the KSK-2017 roll, we need to either:

a) make trusted-keys to bootstrap managed-keys, e.g. make trusted-keys functionally equivalent to managed-keys b) remove trusted-keys completely (maybe in next release?)