Rewritten zone signing after reload.
Also simplified the operation a lot. First the newly loaded zone is signed and then the diff is generated (signed zone vs old zone in memory). Thus we do not need to do changeset merging and other such magic. The old code was wrong, as it may have lead to a situation when user makes some changes to DNSSEC records, those are overwritten by signing the zone, but the changeset contains both changes resulting in non-consistent zone.
Showing with 160 additions and 129 deletions