knot-resolver: enable DoT server (unconditionally)

... because why (k)not? For example, Android 9+ should just use it by default (I tried) - at least I think the "Automatic" mode is usually the default.

Of course, in that mode the certificate is not verified (and ATM we don't provide anything verifiable anyway), so the security benefit is small - it only prevents passive attacks.