the pktcache introduces two cache tags PKT/SEC for
basic/DNSSEC responses and stores negative answers in
the cache

previously producers in overlay could only generate query or
update the final answer - this required exported callbacks
from iterate.c and specific processing. this wouldn’t work
for negative cache, as it would be required to reimplement
whole iterate layer for cached data

the new workflow allows produce layers to generate answer
instead, this answer is then consumed in the next step
by the iterate module in unified fashion for all caches/generators

this fixes stripped DNSSEC records in final answer

the server responds with edns0 if the client requests it,
it also uses DNSSEC for queries if DO=1

the obtained records are not however validated

the api is still a global variable, but it would be the
best if the namedb_t carried the pointer to the api,
so it needs to change in libknot later

each asset is tagged by a byte defining its type and importance
this is a groundwork for negative cache and packet cache
abstracted the code in preparation for different backends

if the server doesn’t understand edns0, replies with
notimpl, formerr or sends bad badly formed response,
we try basic dns query (ns0.rbsov.bbc.co.uk)

previously cryptolib random function was used to generate message id,
this works well but it is slow especially when the entropy is low,
replaced with cryptographically safe prng ISAAC

the ccan directory is going to be used in the future, as it's include
structure makes it easy to embed C snippets instead of reimplementing
them

the encloser might exist and contain valid data, the resolver would return wrong records in this case

refs #15

* each query is assigned a task
* each task contains request, some primitives and mempool
* worker can process multiple tasks at once and
  offload I/O to event loop

Not finished:

* it depends on icmp/system timeouts, #22
* tcp reads are going to be bad if the messages
  arrive fragmented #21

the reason is that LMDB allows only 1 write transaction
per thread, and this doesn’t work well with multiplexed
requests. there is probably going to be some performance hit,
but now transactions are scoped for each cache operation

nameservers with addresses are preferred, the rest
has same weight

no blacklisting, penalization or rtt scoring yet

instead of keeping just random NS and address,
it keeps a map of nameservers => {addresslist}

this allows scoring and correct NS election, fallback
and evaluation