ecs_is_valid() rejects valid EDNS Client Subnet payloads
Hi,
The ecs_is_valid() function is used to validate the correctness of a knot_edns_client_subnet_t object. Unfortunately, it is not entirely accurate, since it enforces this requirement:

    (ecs->scope_len <= ecs->source_len); // valid scope length
According to RFC 7871, the SCOPE PREFIX-LENGTH field is zero in queries:
o SCOPE PREFIX-LENGTH, an unsigned octet representing the leftmost
number of significant bits of ADDRESS that the response covers.
In queries, it MUST be set to 0.
and for responses from an authoritative nameserver, SCOPE PREFIX-LENGTH can be either longer or shorter than SOURCE PREFIX-LENGTH:
SCOPE PREFIX-LENGTH in the response indicates the network for which
the answer is intended.
A SCOPE PREFIX-LENGTH value longer than SOURCE PREFIX-LENGTH
indicates that the provided prefix length was not specific enough to
select the most appropriate Tailored Response. Future queries for
the name within the specified network SHOULD use the longer SCOPE
PREFIX-LENGTH. Factors affecting whether the Recursive Resolver
would use the longer length include the amount of privacy masking the
operator wants to provide their users, and the additional resource
implications for the cache.
Conversely, a shorter SCOPE PREFIX-LENGTH indicates that more bits
than necessary were provided, and the answer is suitable for a
broader range of addresses. This could be as short as 0, to indicate
that the answer is suitable for all addresses in FAMILY.
It looks like knot_edns_client_subnet_parse() is used when deserializing the ECS option from incoming queries, and knot_edns_client_subnet_write() is used when serializing the ECS option into outgoing responses; both call ecs_is_valid(). There probably need to be separate validity checks for the ECS data depending on whether a query or a response is being processed.
Thanks!
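As an added illustration of the direction-dependent check the report asks for (this is example code written for this page, not code from the report, from Knot DNS, or from the RFC), here is a small ECS option parser and writer in C that applies the RFC 7871 section 6 wire layout (FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, ADDRESS truncated to ceil(SOURCE/8) octets) and then validates the option differently for queries and responses. The struct ecs_t, the enum ecs_dir_t, the functions ecs_family_bits, ecs_is_valid_for, ecs_parse, ecs_accepts and ecs_write, and the sample option bytes are all constructed for this example; ecs_is_valid_old reproduces only the single rule quoted in the report so the two behaviours can be compared side by side. Accepting only FAMILY 1 and 2, and capping SCOPE PREFIX-LENGTH at the family's address width in responses, are this example's assumptions rather than anything the report or the RFC states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for knot_edns_client_subnet_t; field names are this example's,
   not Knot's. */
typedef struct {
    uint16_t family;      /* FAMILY: 1 = IPv4, 2 = IPv6 (IANA address family numbers) */
    uint8_t  source_len;  /* SOURCE PREFIX-LENGTH */
    uint8_t  scope_len;   /* SCOPE PREFIX-LENGTH */
    uint8_t  address[16]; /* ADDRESS, zero-padded to the full family width */
} ecs_t;

/* Direction in which the option is being processed. */
typedef enum { ECS_QUERY, ECS_RESPONSE } ecs_dir_t;

/* Address width in bits; -1 for anything else. (This example accepts only FAMILY 1 and 2.) */
static int ecs_family_bits(uint16_t family) {
    return family == 1 ? 32 : family == 2 ? 128 : -1;
}

/* The direction-agnostic rule quoted in the report, kept here only for comparison. */
static bool ecs_is_valid_old(const ecs_t *ecs) {
    int bits = ecs_family_bits(ecs->family);
    return bits >= 0 && ecs->source_len <= bits && ecs->scope_len <= ecs->source_len;
}

/* Direction-aware check. Shared rules: known FAMILY, SOURCE PREFIX-LENGTH within the
   family width, ADDRESS bits beyond SOURCE PREFIX-LENGTH all zero (RFC 7871 section 6).
   Query: SCOPE PREFIX-LENGTH MUST be 0. Response: scope may be shorter or longer than
   source; capping it at the family width is this example's choice, not an RFC rule. */
static bool ecs_is_valid_for(const ecs_t *ecs, ecs_dir_t dir) {
    int bits = ecs_family_bits(ecs->family);
    if (bits < 0 || ecs->source_len > bits || ecs->scope_len > bits) return false;
    size_t i = ecs->source_len / 8;
    unsigned rem = ecs->source_len % 8;
    if (rem != 0) {                 /* partial octet: its low (8 - rem) bits must be zero */
        if (ecs->address[i] & (uint8_t)(0xFF >> rem)) return false;
        i++;
    }
    for (; i < sizeof(ecs->address); i++) if (ecs->address[i] != 0) return false;
    return dir == ECS_QUERY ? ecs->scope_len == 0 : true;
}

/* Parses ECS option data (the bytes after OPTION-CODE/OPTION-LENGTH), RFC 7871 section 6:
   FAMILY(2) SOURCE(1) SCOPE(1) ADDRESS(ceil(SOURCE/8) octets). Returns 0 on success. */
static int ecs_parse(const uint8_t *data, size_t len, ecs_dir_t dir, ecs_t *out) {
    if (len < 4) return -1;
    memset(out, 0, sizeof(*out));
    out->family = (uint16_t)((data[0] << 8) | data[1]);
    out->source_len = data[2];
    out->scope_len = data[3];
    int bits = ecs_family_bits(out->family);
    if (bits < 0 || out->source_len > bits) return -1;
    size_t addr_len = ((size_t)out->source_len + 7) / 8;
    if (len != 4 + addr_len) return -1; /* reject both truncated and over-long ADDRESS */
    memcpy(out->address, data + 4, addr_len);
    return ecs_is_valid_for(out, dir) ? 0 : -1;
}

/* Convenience wrapper: does this option data pass for the given direction? */
static bool ecs_accepts(const uint8_t *data, size_t len, ecs_dir_t dir) {
    ecs_t ecs;
    return ecs_parse(data, len, dir, &ecs) == 0;
}

/* Serializes option data; returns bytes written, or -1 if invalid for that direction. */
static int ecs_write(const ecs_t *ecs, ecs_dir_t dir, uint8_t *buf, size_t cap) {
    if (!ecs_is_valid_for(ecs, dir)) return -1;
    size_t addr_len = ((size_t)ecs->source_len + 7) / 8;
    if (cap < 4 + addr_len) return -1;
    buf[0] = (uint8_t)(ecs->family >> 8); buf[1] = (uint8_t)ecs->family;
    buf[2] = ecs->source_len;             buf[3] = ecs->scope_len;
    memcpy(buf + 4, ecs->address, addr_len);
    return (int)(4 + addr_len);
}

int main(void) {
    /* Constructed option data: IPv4, source /24, ADDRESS 192.0.2.0, scope as commented. */
    const uint8_t query_ok[]  = {0x00, 0x01, 24, 0,  192, 0, 2}; /* scope 0: valid query */
    const uint8_t query_bad[] = {0x00, 0x01, 24, 8,  192, 0, 2}; /* scope 8: invalid query */
    const uint8_t resp_long[] = {0x00, 0x01, 24, 32, 192, 0, 2}; /* scope 32 > 24: valid response */
    ecs_t ecs;
    printf("query, scope 0:     new %s\n",
           ecs_accepts(query_ok, sizeof query_ok, ECS_QUERY) ? "ok" : "rejected");
    ecs_parse(query_bad, sizeof query_bad, ECS_QUERY, &ecs); /* fills ecs, then fails validation */
    printf("query, scope 8:     new %s, old %s\n",
           ecs_accepts(query_bad, sizeof query_bad, ECS_QUERY) ? "ok" : "rejected",
           ecs_is_valid_old(&ecs) ? "ok" : "rejected");
    ecs_parse(resp_long, sizeof resp_long, ECS_RESPONSE, &ecs);
    printf("response, scope 32: new %s, old %s\n",
           ecs_accepts(resp_long, sizeof resp_long, ECS_RESPONSE) ? "ok" : "rejected",
           ecs_is_valid_old(&ecs) ? "ok" : "rejected");
    return 0;
}
```

Built with `cc -std=c99 ecs_example.c`, the demo prints that the query with scope 0 passes, the query with scope 8 is rejected by the direction-aware check but accepted by the old rule (scope 8 is not greater than source 24), and the response with scope 32 passes the direction-aware check but is rejected by the old rule. That last case is exactly the legitimate "scope longer than source" response the report says ecs_is_valid() currently turns away. The parser also enforces the RFC's truncation rule on ADDRESS length and the zero-padding of bits beyond SOURCE PREFIX-LENGTH, which the single comparison in the report does not cover.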