This reproduces the issue encounted in the wild by kresd, reported here: knot-resolver#679
The main point of the test is to have a delegation from secure to insecure subzone, when:
- authoritative server for both zones is the same
- the subzone is at least 2 labels below the parent zone apex