silence a spurious dnssec-keygen warning in the dnssec system test
the occluded-key test creates both a KEY and a DNSKEY. the second call to dnssec-keygen calls dns_dnssec_findmatchingkeys(), which causes a spurious warning to be printed when it sees the type KEY record. this should be fixed in dnssec.c, but the meantime this change silences the warning by reversing the order in which the keys are created.
Edited by Evan Hunt