fix EDE 22 time out detection

Extended DNS error 22 (No reachable authority) was previously detected
when `fctx_expired` fired. It turns out this function is used as a
"safety net" and the timeout detection should be caught earlier.

It was working though, because of another issue fixed by !9927. Since
this change, the recursive request timed out detection occurs before
`fctx_expired` so EDE 22 is not added to the response message anymore.

The fix of the problem is to add the EDE 22 code in two situations:

- When the dispatch code timed out (rctx_timedout) the resolver code
  checks various properties to figure out if it needs to make another
  fetch attempt. One of the paramters if the fetch expiration time. If
  it expires, the whole recursion is canceled, so it now adds the EDE 22
  code.

- If the fetch expiration time doesn't expires in the case above (and
  other parameters allows it) a new fetch attempt is made (fctx_query).
  But before the new request is actually made, the fetch expiration time
  is re-checked. It might then has elapsed, and the whole recursion is
  canceled. So it now also adds the EDE 22 code here as well.

lib/dns/resolver.c

@@ -1987,6 +1987,10 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 	fctx_setretryinterval(fctx, srtt);
 	if (isc_interval_iszero(&fctx->interval)) {
 		FCTXTRACE("fetch expired");
+		LOCK(&fctx->lock);
+		dns_ede_append(fctx->mctx, &fctx->edelist,
+			       DNS_EDE_NOREACHABLEAUTH, NULL);
+		UNLOCK(&fctx->lock);
 		return ISC_R_TIMEDOUT;
 	}
 
@@ -7948,6 +7952,10 @@ rctx_timedout(respctx_t *rctx) {
 		if (isc_time_microdiff(&fctx->expires, &now) < US_PER_MS) {
 			FCTXTRACE("query timed out; stopped trying to make "
 				  "fetch happen");
+			LOCK(&fctx->lock);
+			dns_ede_append(fctx->mctx, &fctx->edelist,
+				       DNS_EDE_NOREACHABLEAUTH, NULL);
+			UNLOCK(&fctx->lock);
 		} else {
 			FCTXTRACE("query timed out; trying next server");
 			/* try next server */