validator: add TTL checks
Probably to be within
kr_rrset_validate_with_key() or inside a sub-call.
- check TTL going over RRSIG expiration;
- check TTL going over the signed TTL.
- clamp the TTL
- refuse such signature -> BOGUS
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information