
Add DNSKEY record for KSK when creating the SKR

Matthijs Mekking requested to merge matthijs-offline-ksk-add-ksk-on-sign into main

Don't add KSKs to the KSR. Creating the KSR happens on the "ZSK side". The KSK is offline and, while the public key and state file may be present, draft-icann-dnssec-keymgmt-01.txt suggests that the KSR only contains ZSKs. This is also what Knot DNS does.

Then, add the DNSKEY record corresponding to the KSK to the SKR. When signing a KSR, add the DNSKEY records from the signing KSK(s) to the RRset prior to creating the signature for it.
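As an added illustration of the rule this merge request describes (example code, not BIND's or Knot's own): a KSR builder that refuses KSKs, and an SKR step that merges the signing KSK's DNSKEY into the RRset before the signature is computed. The `signer` callable and the key bytes are constructed placeholders standing in for a real RRSIG computation.

```python
import base64
import hashlib
import struct

# DNSKEY flag bits (RFC 4034): ZONE = 256; ZONE|SEP = 257 marks a KSK.
ZONE_FLAG = 0x0100
SEP_FLAG = 0x0001

def is_ksk(flags):
    return bool(flags & SEP_FLAG)

def dnskey_rdata(flags, algorithm, pubkey):
    """Wire RDATA of a DNSKEY: flags(2) | protocol(1)=3 | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def build_ksr(zsks):
    """Create the KSR on the ZSK side: it carries ZSK DNSKEYs only; a KSK is rejected."""
    for flags, _alg, _key in zsks:
        if is_ksk(flags):
            raise ValueError("KSR must not contain a KSK; the KSK lives offline")
    return list(zsks)

def sign_ksr(ksr, ksks, signer):
    """Create the SKR: merge the signing KSK(s) into the DNSKEY RRset before signing.
    `signer` is an assumed callable taking the canonically ordered RDATA set and
    returning a signature blob; it stands in for the real RRSIG computation."""
    rrset = list(ksr) + list(ksks)
    canonical = sorted(dnskey_rdata(f, a, k) for f, a, k in rrset)  # RFC 4034 s6.3 order
    return {"dnskey": rrset, "rrsig": signer(b"".join(canonical))}

def toy_signer(data):
    """Constructed stand-in for a private-key signature: a keyed hash of the signed data."""
    return hashlib.sha256(b"constructed-offline-ksk-secret" + data).digest()

# Constructed sample keys: (flags, algorithm, public key bytes); alg 13 = ECDSAP256SHA256.
ZSK = (ZONE_FLAG, 13, base64.b64decode("enNrLXB1YmxpYy1rZXk="))            # placeholder bytes
KSK = (ZONE_FLAG | SEP_FLAG, 13, base64.b64decode("a3NrLXB1YmxpYy1rZXk="))  # placeholder bytes

def ksr_rejects_ksk():
    try:
        build_ksr([ZSK, KSK])
    except ValueError:
        return True
    return False

def skr_contains_ksk():
    skr = sign_ksr(build_ksr([ZSK]), [KSK], toy_signer)
    return any(is_ksk(f) for f, _, _ in skr["dnskey"])

def skr_signature_depends_on_ksk():
    """Leaving the KSK out changes the signed data: the RRSIG would then not cover the key the DS points at."""
    return sign_ksr([ZSK], [KSK], toy_signer)["rrsig"] != sign_ksr([ZSK], [], toy_signer)["rrsig"]
```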
