Zone update v2

Upgraded zone_update code to build the resulting zone on-the-fly using the apply_ functions. This mimics the changeset application that would normally happen at the commit phase. The advantages are:
- can fail right away during addition/removal instead of during commit
- saves lots of memory by not synthesizing nodes
- discards lots of duplicate code and simplifies other; primarily only zone_update addition and removals are more complicated.
- makes the apply_ functions more generic, robust

Only disadvantage I can think of is that the complexity of changesets, zone contents, pointers, nsec chains, etc. makes it difficult to consider whether the code is correct. It requires more testing over CTL, but it mostly should work very well considering all code used now was used before. Also the ddns/basic test is pretty extensive, making at least some guarantee of correctness.

See merge request !576

The structs cannot be compared directly because BSDs use some
extra fields which don't have match. Compare just address and port.

Write DNS cookies in network-order.

See merge request !575

utils/tls: print certificate hierarchy



See merge request !573

Test on big-endian machines have been failing.

Speed: on my office desktop it didn't increase the amount of resources
needed to run all the tests; I actually got a little shorter time,
but that was most likely due to random variations.

NSEC proofs refactoring

Close #191, #471

See merge request !570

NSECs don't exist at non-terminals, NSEC3s don't exist in opt-out.

The real previous name has to be stored because the wildcard
needn't be expanded from QNAME but can be expanded as a part
of CNAME/DNAME chain.

Don't require the node to be authoritative. This is need for DNSSEC
proofs and this should be handled there.