prevents pointless caching of TTL={0,1} records

previously the NS address list was wiped out, this prevents them from being added in the first place

some servers break qname m12n by sending REFUSED, this accepts such answer and requeries with m12n turned off 

the only condition of caching an answer is that it resolves a query and is not already cached
(ok, it must be negative at this point…)

if an authoritative answer comes and the server responds correctly, but appends out-of-bailiwick NS records, ignore them but resolve the query

this fixes a bug when storing NODATA without SOA,NS or any other ‘authoritative answer’ hint

since the zone cut is looked up after layers now, it
is pointless to search for minimized names from cache,
since this is the same operation as searching for a zone cut

since the next CNAME target query was added on top, it replaced
the original ‘current query’, this caused recaching of an answer
if it came from cache (as the query flags have changed)

this prepares cache/txn structures to hold API as well, so we can get
rid of the global api

this fixes a regression when a final name has a dependency with a short
TTL in the search path, but has longer TTL itself
in another words - if there's a CDN in the middle and the name doesn't
exist, answer it from the cache without requerying the CDN

This reverts commit 3d1ee641.

This reverts commit ee2cce4d.

previously only queried names were resolved from cache, this meant that if the target name was present in cache but a server on the search path dropped from it, it would refetch it - this is a problem when a loadbalancer with very short TTL was in search path

the resolution has to start from the root for zonecut resolution, otherwise it might stall resolution if the only good NS drops out of cache and only the bad remain

module api can now store userdata, e.g. owner

the pktcache introduces two cache tags PKT/SEC for
basic/DNSSEC responses and stores negative answers in
the cache

previously producers in overlay could only generate query or
update the final answer - this required exported callbacks
from iterate.c and specific processing. this wouldn’t work
for negative cache, as it would be required to reimplement
whole iterate layer for cached data

the new workflow allows produce layers to generate answer
instead, this answer is then consumed in the next step
by the iterate module in unified fashion for all caches/generators

this fixes stripped DNSSEC records in final answer

the server responds with edns0 if the client requests it,
it also uses DNSSEC for queries if DO=1

the obtained records are not however validated

each asset is tagged by a byte defining its type and importance
this is a groundwork for negative cache and packet cache
abstracted the code in preparation for different backends

if the server doesn’t understand edns0, replies with
notimpl, formerr or sends bad badly formed response,
we try basic dns query (ns0.rbsov.bbc.co.uk)

previously cryptolib random function was used to generate message id,
this works well but it is slow especially when the entropy is low,
replaced with cryptographically safe prng ISAAC

the ccan directory is going to be used in the future, as it's include
structure makes it easy to embed C snippets instead of reimplementing
them

the encloser might exist and contain valid data, the resolver would return wrong records in this case