the default value of dnssec-validation is 'auto', which causes a server to send a key refresh query to the root zone when starting up. this is undesirable behavior in system tests, so this commit sets dnssec-validation to either 'yes' or 'no' in all tests where it had not previously been set.
this change had the mostly-harmless side effect of changing the cached trust level of unvalidated answer data from 'answer' to 'authanswer', which caused a few test cases in which dumped cache data was examined in the serve-stale system test to fail. those test cases have now been updated to expect 'authanswer'.
Closes #950 (closed)