dnssec_sign_verify(): fix algorithms considered insecure
Fedora 33 configures GnuTLS to consider some algorithms as insecure, so they don't get usable normally. However, some of them still MUST be supported in validators. Fortunately GnuTLS provides a flag for signature verification; signing itself remains broken (most likely; it's RSA_SHA1* in F33 case).
Tested on Knot Resolver + the full algorithm matrix.