rrcache: don't store NSEC3 and their signatures

They would end up cached by their hashed owner names and then even
returned if explicitly queried by that hashed name, which is not correct:
https://tools.ietf.org/html/rfc4035#section-2.3

Internally we only need these for non-existence proofs, and those are
stored in pktcache instead.
3 jobs for rrcache-no-nsec3
in 8 minutes and 12 seconds and was queued for 1 second