Fix kasp bug new KSK on restart [#1593]

When you do a restart or reconfig of named, or rndc loadkeys, this
triggers the key manager to run.  The key manager will check if new
keys need to be created. If there is an active key, and key rollover
is scheduled far enough away, no new key needs to be created.

However, there was a bug that when you just start to sign your zone,
it takes a while before the KSK becomes an active key. An active KSK
has its DS submitted or published, but before the key manager allows
that, the DNSKEY needs to be omnipresent. If you restart named
or rndc loadkeys in quick succession when you just started to sign
your zone, new keys will be created because the KSK is not yet
considered active.

Fix is to check for introducing as well as active keys. These keys
all have in common that their goal is to become omnipresent.

lib/dns/dst_api.c

@@ -2468,7 +2468,6 @@ dst_key_is_active(dst_key_t *key, isc_stdtime_t now)
 	return ds_ok && zrrsig_ok && time_ok && !inactive;
 }
 
-
 bool
 dst_key_is_signing(dst_key_t *key, int role, isc_stdtime_t now, isc_stdtime_t *active)
 {
@@ -2582,6 +2581,19 @@ dst_key_is_removed(dst_key_t *key, isc_stdtime_t now, isc_stdtime_t *remove)
 	return state_ok && time_ok;
 }
 
+dst_key_state_t
+dst_key_goal(dst_key_t *key)
+{
+	dst_key_state_t state;
+	isc_result_t result;
+
+	result = dst_key_getstate(key, DST_KEY_GOAL, &state);
+	if (result == ISC_R_SUCCESS) {
+		return state;
+	}
+	return DST_KEY_STATE_HIDDEN;
+}
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from)
 {