* first cut at NSEC support

* use transactions, fix delegations

* rename to add_nsec_to_zone

* optimize NSEC generation

* split out function to get all secure names (could be useful for NSEC3 later)

* add `Bitmap.from_rdtypes()` and add missing typing

* more typing

* add missing import

* add more typing

* fix tok type

* remove _get_secure_names, optimize

* better zone testing (compare as text)
add test example with delegation below other delegation

* include NSEC itself in the bitmap

* lint

* Add names iteration to transactions via iterate_names().

Also make rdataset iteration more obvious by adding an
explicit iterate_rdatasets() API.

* use iterate_names()

* typo

* black

* use single iteration

* better type fix

* add optional transaction to add_nsec_to_zone

* idea for zone signer

* do not sign RRSIGs

* fix signer

* correctly sign DS

* simplify

* simplify by passing rrset to signer

* fix typing

* nit

* add DS

* add more test

* rewrite zone signer

* compact

* simplify

* make easier to read

* bring back rrset_signer

* move default RRset signer

* more

* more

* prettier context handling (mypy issue pending)

* make NSEC zone signer less complex

* update

* fix txn, sign as defined by SEP

* docs

* add back missing dnskey_include

* rename dnskey_include to add_dnskey

* check KSK/ZSK key tags in signed zone

---------

Co-authored-by: Bob Halley <halley@dnspython.org>

OpenSSL 3 with the FIPS 140-3 module, as the module will not
generate keys with a "q" size that is representable in DNSSEC.

Add CDS and CDNSKEY utilities:

make_cdnskey()
make_cds()
make_ds_rdataset()
cds_rdataset_to_ds_rdataset()
dnskey_rdataset_to_cds_rdataset()
dnskey_rdataset_to_cdnskey_rdataset()

* first cut at key_to_dnskey

* update docs

* typo

* use real test vectors for DNSKEY

* comment

* split

* add test for large exponent size

* rename to make_dnskey

* no default algorithm

* rename and add comment

* split out function to create rrsig signature data

* docs

* add type for public key

* more typing

* make RSA exponent key test easier to read

* work in progress for dns.dnssec.sign

* better docs

* docs

* simplify

* add test with RSASHA1

* initial support for DSA

* update docs

* clean up DSA, t still not clear

* allow inception/expiration to be specified as datetime, string, float or in

* allow rrset to be specified as a tuple

* calculate dsa_t

* reformat

* more rrset tuple fixes

* support DSA

* improve exception handling

* fix return type error

* fix typing issue to silence mypy

* make test case more verbose

* ensure UTC and use sigtime_to_posixtime to convert text to timestamp

Make flake8 and pylint happy by wrapping the long lines.

Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>