modules/daf,renumber: fixed the modules and added tests

This fixes most of the rules in DAF that were broken in 2.0 and adds tests. It also allows policy filter to evaluate policies in the checkout layer, before the subrequest is sent to authoritative. This is used primarily for negotiating features between resolver and authoritatives, or disabling transports.

The policy filter can now match on:

• NS suffix - to apply policies on any zone on given nameservers
• Query type

New actions:

• REFUSE - block query with an RCODE=REFUSED, fixes #337 (closed)

The DAF can now toggle features between resolver and authoritatives.

fixes #322 (closed)

cc @anb

daemon/lua/kres-gen.lua

@@ -289,10 +289,10 @@ knot_mm_t *kr_resolve_pool(struct kr_request *);
struct kr_query *kr_rplan_push(struct kr_rplan *, struct kr_query *, const knot_dname_t *, uint16_t, uint16_t);
int kr_rplan_pop(struct kr_rplan *, struct kr_query *);
struct kr_query *kr_rplan_resolved(struct kr_rplan *);
+struct kr_query *kr_rplan_last(struct kr_rplan *);
int kr_nsrep_set(struct kr_query *, size_t, const struct sockaddr *);
uint32_t kr_rand_uint(uint32_t);
int kr_make_query(struct kr_query *query, knot_pkt_t *pkt);
-void kr_pkt_make_auth_header(knot_pkt_t *);
int kr_pkt_put(knot_pkt_t *, const knot_dname_t *, uint32_t, uint16_t, uint16_t, const uint8_t *, uint16_t);
int kr_pkt_recycle(knot_pkt_t *);
int kr_pkt_clear_payload(knot_pkt_t *);