etc/: add the fresh DNSSEC root key "KSK-2024" already

The key still won't be used for some time, two years maybe, but I think it's better to preemptively trust it already. (outdated machines, etc.)

Some evidence that it's not just a hash of my private key:

• https://www.iana.org/dnssec/ceremonies/53-2
• https://data.iana.org/ksk-ceremony/53-2/kskm-keymaster-20240426-173035-995.log
• https://www.youtube.com/live/gw4PFhtnVpk?si=C8zevM3nG9O0XAJr&t=12726

added easyfix label

changed the description

.cz blog post about this ceremony: https://blog.nic.cz/2024/05/12/novy-hsm-pri-podpisu-korenove-zony/

mentioned in commit 33ec018e

merged

Rollover timing plans:

We plan to pre-publish the new KSK in the DNS starting on 11 January 2025, with a standby period of nearly two years before a rollover in October 2026. This provides ample opportunity to propagate the new trust anchor, and also provides the capability to roll to it sooner should an emergency rollover be required.

Link: https://lists.icann.org/hyperkitty/list/ksk-rollover@icann.org/thread/YFDVVY3JNYRGSS5ZBDPTPZLFY4E4FNMO/