Nsec sign changesets

This shall speed up small updates to big signed zone.

The previous procedure is:

• recreate all the NSEC(3) records in the zone
• compare to the existing NSEC(3) records, making a diff
• sign this diff

The new procedure is:

• recreate only NSEC(3) records (neighbouring to) records mentioned in the changeset
• sign the changed records

The observed total speed-up of a little zone update to a huge signed zone was around 15%, but there are also other problems not related to NSEC(3) chain reconstruction.

Fixes #119 (closed)