[9.20] fix: usr: dnssec-signzone needs to check for a NULL key when setting offline

dnssec-signzone could dereference a NULL key pointer when resigning a zone.  This has been fixed.

Closes #5192

Backport of MR !10161

Merge branch 'backport-5192-dnssec-signzone-needs-to-check-for-a-null-key-when-setting-offline-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10169

bin/dnssec/dnssec-signzone.c

@@ -551,7 +551,7 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
 		future = isc_serial_lt(now, rrsig.timesigned);
 
 		key = keythatsigned(&rrsig);
-		offline = key->pubkey;
+		offline = (key != NULL) ? key->pubkey : false;
 		sig_format(&rrsig, sigstr, sizeof(sigstr));
 		expired = isc_serial_gt(now, rrsig.timeexpire);
 		refresh = isc_serial_gt(now + cycle, rrsig.timeexpire);