Propagate NX domain and no record found errors

[marcus0x62]

This PR allows the Hickory recursor to more accurately provide NXDomain and NoData responses to queries. This required a number of changes to accomplish:

1. Change the ProtoErrorKind::Forward variant to preserve authority records and introduce a conversion method from RecursorErrorKind::Forward to ProtoErrorKind::NoRecordsFound for sending accurate responses back to clients.
2. Change the catalog forward response building method to preserve authority records
3. Change the DNSSEC Handler in the recursor to send back ProtoErrorKind::NoRecordsFound when dealing with NXDomain and NoData responses
4. Change the DNSSEC send handler to process error messages. Previously, the DNSSEC handler would ignore any error responses, which resulted in those responses not undergoing validation, even when Hickory is configured in validating mode.

There are also new tests for basic response code correctness to validate the changes above, and un-ignoring some conformance tests that now pass.

This change-set covers all of the NXDomain and NoError response mangling scenarios I could find in the code base, and it fixes a few DNSSEC-related issues. Significant DNSSEC-related processing issues remain, however, and I think will need to be addressed in a separate PR. While working on this fix, I also noticed:

• The NSEC3 code does not appear to handle opt-out proofs at all
• The DNSSEC code does not appear to correctly handle insecure delegations, partially due to the above.

The net result of this is that any queries to an insecure delegation from a secure parent will fail if hickory is configured as a validating resolver (i.e., almost all queries will fail if hickory is configured as a validating resolver.)

This PR does not fix the insecure delegation validation problem, but any realistic fix is contingent on fixing this issues this PR does address.

Related Issues/PRs:

• Issue [resolver] (0.25.0-alpha.2) DnsSec validate enabled should also use ProtoErrorKind::NoRecordsFound and skip validation #2503
• Issue RecursorDnsHandle misclasifies DS no-ds.extended-dns-errors.com. as ErrorKind::Forward #2435
• Issue dnssec: hickory responds with SERVFAIL when dealing with Insecure zones #2395
• Issue DNSSEC Not Working as Expected #2514
• PR Fix nxdomain conformance test for hickory-recursor #2477
• PR conformance: zone that lacks DS in parent zone #2388

[djc]

Sounds good!

(Tiny nit: consider keeping the first line of commit messages under ~70 characters, would avoid weird wrapping in the GitHub UI.)

[bluejekyll]

I guess I didn't fix the insecure look up issues before based on this PR.