dnssec-policy neater configuration

Evan:

I fear it will be confusing to have two options called zone-max-ttl in dnssec-policy and max-zone-ttl in zone that do the exact same thing, and suggest we rename the former to the latter for consistency's sake before 9.16.0.

Also:

• Allow for "lifetime unlimited" as a synonym for "lifetime PT0S"
• Make "key-directory" optional.
• Warn if key lengths do not make sense.
• Document that PT0S (duration of 0 seconds) is infinite key lifetime
• minor typo: should be "of" not "or" in: "Like max-zone-ttl, specifies the maximum permissible TTL value in seconds. When loading a zone file using a masterfile-format or text or raw,"