updated tests

this is broken by changes in libknot2/db api,
needs to be done differently later

this is not going to be backwards compatible change, but it will be the first tagged libknot release sufficient for resolver

* PIE,RELRO+NOW and other security features enabled
* support for both static/dynamic builds with BUILDMODE
* dynamic library is ABI-versioned, starting at 1
* pkg-config file is installed

if the NSLIST already has a candidate with addresses, never replace
current leader with an empty one. otherwise if the former leader address
was tried and failed, new empty leader would be blamed for this and
penalized

current processed query is always in `request->current_query`

before the algorithm was happy with root hints for all queries starting
at root, however they're often overloaded and result in timeouts
the updated code provides SBELT only for root NS query lookup and tries
to use cached information as much as possible

if the client doesn't support DNSSEC, scrub these from the answer
and do not set the AD bit

until RFC2181 credibility is implemented in cache, this behavior breaks
DNSSEC as the parent-side comes first to the cache
disabled this behavior until implemented properly