Merge branch 'dnssec-resign-early' into 'master'

DNSSEC: signatures refreshing

Included changes:

* The signatures are now refreshed (signature_lifetime / 10) seconds before their expiration. The default signature lifetime is 30 days, therefore the signatures are refreshed 3 days before their expiration.
* The parameter 'expires_at' in signing functions was renamed to 'refresh_at', as the name was misleading.
* The signing policy structure was cleaned and helper functions were added.
* DNSSEC event logging was changed from relative to absolute value, because the intervals are much longer now.