BIND DNSSEC validation mode. Implements #10832 #919

Merged
merged 1 commit into from Aug 19, 2020

Conversation

vktg
Contributor

@vktg vktg commented Aug 17, 2020

Bug: The DNSSEC Validation tick-box has no effect, as pfSense has root zone keys, so "auto" behaviour is used whether ticked or not.

Explanation: Referencing docs: https://downloads.isc.org/isc/bind9/9.14.12/doc/arm/Bv9ARM.ch04.html#dnssec_config

If the DNSSEC-Validation tick-box is enabled, it adds: "dnssec-validation yes;" (wrong, as the config is missing a "trusted-keys" or "managed-keys" statement.)
If the DNSSEC-Validation tick-box is disabled, it removes the "dnssec-validation" clause altogether. (Result: the trust anchor for the DNS root zone is used automatically. Same effect as "yes" without trusted-keys/managed-keys.)

Fix:
Change the forwarder DNSSEC Validation tick-box to a drop-down selection of [yes|auto|no].
Default is 'Auto' (as the current unchecked behaviour).

https://downloads.isc.org/isc/bind9/9.14.12/doc/arm/Bv9ARM.ch04.html#dnssec_config:

When dnssec-validation is set to auto, a trust anchor for the DNS root zone will automatically be used. This trust anchor is provided as part of BIND and is kept up to date using RFC 5011 key management.
When dnssec-validation is set to yes, DNSSEC validation will only occur if at least one trust anchor has been explicitly configured in named.conf using a trusted-keys or managed-keys statement.
When dnssec-validation is set to no, DNSSEC validation will not occur.
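The distinction drawn in the comment above (a literal `dnssec-validation yes;` with no trust anchor is not the same as `auto`) is easy to miss when reading a generated named.conf. The following Python script, an added example and not code from this PR or from pfSense, reads a named.conf fragment, extracts the `options` block, and reports the effective validation state using the three-way rule quoted from the BIND ARM above. It also contains the trivial mapping from the proposed drop-down value to the emitted statement. The sample configs are constructed for illustration; the placeholder key in `managed-keys` is not a real key, and the assumption that an absent clause behaves like `auto` is taken from the comment above, not verified against a running named.

```python
import re

# Constructed sample configs for illustration (not taken from pfSense).
CONF_TICKED = """
options {
    directory "/etc/namedb";
    recursion yes;
    forwarders { 192.0.2.1; 192.0.2.2; };
    dnssec-validation yes;   // emitted by the old tick-box, no anchors anywhere
};
"""

CONF_UNTICKED = """
options {
    directory "/etc/namedb";
    recursion yes;
    // dnssec-validation yes;   (commented out: clause absent)
};
"""

CONF_YES_WITH_ANCHOR = """
options {
    dnssec-validation yes;
};
managed-keys {
    . initial-key 257 3 8 "placeholder-not-a-real-key";  // constructed placeholder
};
"""

CONF_NO = """
options {
    dnssec-validation no;
};
"""

# Statements that supply an explicit trust anchor.  trusted-keys and managed-keys
# are the ones the quoted 9.14 docs name; trust-anchors is the newer BIND spelling
# and is included here as an assumption, not something the page mentions.
ANCHOR_STATEMENTS = ("trusted-keys", "managed-keys", "trust-anchors")


def strip_comments(conf):
    """Remove /* */, // and # comments so a commented-out clause is not matched.
    Simplistic: a '//' or '#' inside a quoted string would also be treated as a
    comment start, which is acceptable for the option values checked here."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def block_body(text, name):
    """Return the text inside the top-level `name { ... };` block, counting braces
    so nested blocks such as `forwarders { ... };` do not end it early."""
    m = re.search(r"\b%s\b\s*\{" % re.escape(name), text)
    if not m:
        return None
    depth, i = 1, m.end()
    start = i
    while i < len(text) and depth:
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
        i += 1
    return text[start:i - 1]


def configured_mode(conf):
    """The literal dnssec-validation value inside options, or None if absent."""
    body = block_body(strip_comments(conf), "options")
    if body is None:
        return None
    m = re.search(r"\bdnssec-validation\s+(yes|no|auto)\s*;", body)
    return m.group(1) if m else None


def has_trust_anchor(conf):
    text = strip_comments(conf)
    return any(block_body(text, s) is not None for s in ANCHOR_STATEMENTS)


def effective_validation(conf, default="auto"):
    """Classify what named will actually do, per the three-way rule quoted above.
    `default` is what an absent clause means; 'auto' matches the PR's description
    of the unchecked behaviour (assumption, see lead-in)."""
    mode = configured_mode(conf) or default
    if mode == "no":
        return "off"                      # validation explicitly disabled
    if mode == "auto":
        return "auto"                     # built-in root anchor, RFC 5011 managed
    if has_trust_anchor(conf):
        return "explicit"                 # yes + at least one configured anchor
    return "off-misconfigured"            # yes but no anchor: the bug in this PR


def validation_clause(choice):
    """Map the proposed [yes|auto|no] drop-down value to the emitted statement."""
    choice = choice.strip().lower()
    if choice not in ("yes", "auto", "no"):
        raise ValueError("dnssec-validation must be yes, auto or no: %r" % choice)
    return "dnssec-validation %s;" % choice


if __name__ == "__main__":
    for label, conf in (("ticked", CONF_TICKED), ("unticked", CONF_UNTICKED),
                        ("yes+anchor", CONF_YES_WITH_ANCHOR), ("no", CONF_NO)):
        print("%-11s configured=%-5s effective=%s"
              % (label, configured_mode(conf), effective_validation(conf)))
```

Running it shows the failure mode the PR fixes: the "ticked" config reports `off-misconfigured` while the "unticked" one reports `auto`, i.e. ticking the box weakened validation rather than strengthening it. The check is a useful one to keep around for any generated named.conf, since a `yes` with no anchor statement silently produces the same outcome as `no`.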

@netgate-git-updates netgate-git-updates merged commit c2d72fb into pfsense:devel Aug 19, 2020