This brings, really, the most basic fixes to compile BIND with FIPS mode cleanly, make unit tests pass, and provide support for targeted disablement of portions of system tests. More system tests need to be either disabled completely, or ported from MD5 to SHA for the suite to pass, also a truly FIPS enabled CI jobs should be added in the future to test this properly (hint: a CentOS VM needed).
Pairwise was tested here https://gitlab.isc.org/isc-projects/bind9/-/pipelines/54676.
Prerequisite: images!144 (merged).