PowerDNS: ensurance of zone metadata + support for NSEC3

Open: tacerus opened this issue 5 months ago • 1 comment

Is your feature request related to a problem? Please describe.

  • Currently zone metadata is only set upon creation of a zone - modifications through dnscontrol are not possible, and inconsistencies with the server are not detected.
  • Only a subset of available zone metadata is exposed, NSEC3 cannot be enabled.

Describe the solution you'd like

  • It would be beneficial to be able to modify metadata (kind, dnssec, soa_edit_api, ...) and to have dnscontrol ensure the given options are set.
  • The nsec3param field should be exposed in addition to dnssec, but should be kept consistent and not only set during zone creation.

Describe alternatives you've considered

n/a

Additional context

Currently DNSSEC is handled through the /cryptokeys API. I think it would simplify the implementation of NSEC3 support by dropping this in favor of setting dnssec and nsec3params in the basic zone metadata (/zones API), which is already partially done through the dnssec_on_create toggle - but it adds a dependency on being able to update and ensure metadata settings, for example upon editing nsec3params.

The go-powerdns library used already exposes a ModifyBasicZoneData() function which would be suitable for this.

I would be happy to submit patches for this but it seems EnsureZoneExists() is only used for creation of a domain, and I cannot find any infrastructure for modifications beyond RRsets. The other providers I briefly inspected seem to only set zone metadata upon creation as well.

tacerus, Aug 06 '25 20:08
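The "ensure" behaviour requested above amounts to a drift check on the zone's basic settings. The following is an added sketch, not code from dnscontrol or go-powerdns: `ZoneMeta`, `MetaDrift` and the sample zone are hypothetical and constructed here, and only the JSON field names follow the PowerDNS /zones zone object.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ZoneMeta holds the zone settings named in the issue, using PowerDNS /zones
// JSON field names. Hypothetical type, not from dnscontrol or go-powerdns.
type ZoneMeta struct {
	Kind       string `json:"kind"`
	DNSSEC     bool   `json:"dnssec"`
	NSEC3Param string `json:"nsec3param"`
	SOAEditAPI string `json:"soa_edit_api"`
}

// Constructed sample of a server-side zone: signed, but still plain NSEC.
const sampleServerZone = `{"name":"example.org.","kind":"Native",` +
	`"dnssec":true,"nsec3param":"","soa_edit_api":"DEFAULT"}`

// MetaDrift decodes the server's zone JSON, compares it with the desired
// settings, and returns one message per differing field plus an update body
// that carries only those fields.
func MetaDrift(desired ZoneMeta, serverJSON []byte) ([]string, map[string]interface{}, error) {
	var actual ZoneMeta
	if err := json.Unmarshal(serverJSON, &actual); err != nil {
		return nil, nil, fmt.Errorf("decode zone: %w", err)
	}
	var msgs []string
	body := map[string]interface{}{}
	check := func(field string, want, have interface{}) {
		if want != have {
			msgs = append(msgs, fmt.Sprintf("%s: %v -> %v", field, have, want))
			body[field] = want
		}
	}
	check("kind", desired.Kind, actual.Kind)
	check("dnssec", desired.DNSSEC, actual.DNSSEC)
	check("nsec3param", desired.NSEC3Param, actual.NSEC3Param)
	check("soa_edit_api", desired.SOAEditAPI, actual.SOAEditAPI)
	return msgs, body, nil
}

func main() {
	// Constructed desired state: NSEC3, SHA-1, zero iterations, no salt.
	want := ZoneMeta{Kind: "Native", DNSSEC: true, NSEC3Param: "1 0 0 -", SOAEditAPI: "DEFAULT"}
	msgs, body, err := MetaDrift(want, []byte(sampleServerZone))
	fmt.Println(msgs, body, err)
}
```

An empty message list means the zone already matches; a non-empty body is what a zone update call would need to send.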

I opened a new PR on mittwald/go-powerdns to support the metadata API from PowerDNS: https://github.com/mittwald/go-powerdns/pull/27. This could be useful for this request to support metadata after the creation of the zone. CC @jpbede

eratzlaff, Nov 08 '25 16:11