Update dns_dnssec_get_hints and dns_dnssec_keyactive to use dst_key
functions and thus if dnssec-policy/KASP is used the key states are
being considered.

Add a new variable to 'struct dns_dnsseckey' to signal whether this
key is a zone-signing key (it is no longer true that ksk == !zsk).

Also introduce a hint for revoke.

Update 'dns_dnssec_findzonekeys' and 'dns_dnssec_findmatchingkeys'
to also read the key state file, if available.

Remove 'allzsk' from 'dns_dnssec_updatekeys' as this was only a
hint for logging.

Also make get_hints() (now dns_dnssec_get_hints()) public so that
we can use it in the key manager.