
Fix incorrect alignment check behavior in DMARC strict mode

Status: Open. WhiteAnthrax opened this issue 1 year ago • 0 comments

The current implementation incorrectly allows partial domain matches in strict alignment mode. According to RFC 7489 Section 3.1.1 and 3.1.2, strict alignment (adkim=s or aspf=s) requires an exact match between the RFC5322.From domain and the domain being evaluated.

The issue occurs when the Public Suffix List is configured. Current behavior with strict mode shows an incorrect match: From: [email protected], envelope from: [email protected]

  1. First exact match fails (correct: sub.example.com ≠ example.com)
  2. Gets TLD+1 from header From domain (example.com from sub.example.com)
  3. Matches this TLD+1 against envelope from (example.com)
  4. Results in PASS (incorrect in strict mode)

Note: When the Public Suffix List is not configured, this incorrect matching does not occur because TLD resolution returns the entire domain unchanged.

The reverse case works correctly regardless of Public Suffix List configuration: From: [email protected], envelope from: [email protected]

  1. First exact match fails
  2. Further checks fail
  3. Results in FAIL (correct for strict mode)

The problem affects both SPF (aspf=s) and DKIM (adkim=s) alignment checks equally, as they use the same alignment checking function.

This patch:

  1. Makes strict mode return immediately after the initial exact match check fails
  2. Removes TLD-resolution-based matching for strict mode
  3. Preserves existing relaxed mode behavior

The changes ensure proper implementation of RFC 7489's requirement that strict mode must only allow exact matches between domains.

WhiteAnthrax, Oct 30 '24 09:10
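The two alignment behaviours the issue describes, as an added example that is not OpenDMARC's code and not part of the original issue. It models the buggy path exactly as the step list above describes it (strict mode falls through to comparing the TLD+1 of the From domain against the other identifier as-is) next to the corrected path (strict mode stops after the exact comparison). The public-suffix table is a small constructed stand-in, and the relaxed-mode comparison follows RFC 7489 section 3.1.1 (organizational domains of both identifiers must match); the issue itself says nothing about how OpenDMARC's relaxed path is implemented beyond that it is preserved.

```python
"""DMARC identifier alignment (RFC 7489 s.3.1), buggy vs. corrected strict mode.

Illustration code written for this issue, not OpenDMARC's implementation.
"""

# Constructed stand-in for a Public Suffix List. A real deployment loads the
# full list; only these suffixes are known here.
PUBLIC_SUFFIXES = frozenset({"com", "org", "co.uk"})


def organizational_domain(domain: str, psl=PUBLIC_SUFFIXES) -> str:
    """Return the organizational domain (TLD+1) of `domain` using `psl`.

    With no PSL configured (psl=None) the domain is returned unchanged, which
    is the behaviour the issue notes for that configuration.
    """
    domain = domain.lower().rstrip(".")
    if not psl:
        return domain
    labels = domain.split(".")
    # Walk from the left; the first suffix found in the PSL is the longest one.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in psl:
            if i == 0:
                return domain  # the domain itself is a public suffix
            return ".".join(labels[i - 1:])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:])


def aligned_buggy(from_domain: str, other_domain: str, strict: bool,
                  psl=PUBLIC_SUFFIXES) -> bool:
    """Alignment check as the issue describes the current behaviour.

    `other_domain` is the SPF (RFC5321.MailFrom) or DKIM (d=) domain.
    """
    f, o = from_domain.lower(), other_domain.lower()
    if f == o:
        return True
    # Bug: regardless of `strict`, the check continues by comparing the
    # TLD+1 of the From domain against the other identifier.
    return organizational_domain(f, psl) == o


def aligned_fixed(from_domain: str, other_domain: str, strict: bool,
                  psl=PUBLIC_SUFFIXES) -> bool:
    """Alignment check with the fix: strict mode requires an exact match."""
    f, o = from_domain.lower(), other_domain.lower()
    if f == o:
        return True
    if strict:
        return False  # the fix: no fallthrough to TLD+1 matching
    # Relaxed mode per RFC 7489 s.3.1.1: organizational domains must match.
    return organizational_domain(f, psl) == organizational_domain(o, psl)


def issue_cases(strict: bool = True, psl=PUBLIC_SUFFIXES) -> dict:
    """Evaluate both scenarios from the issue and return buggy/fixed verdicts."""
    cases = {
        "from=sub.example.com other=example.com": ("sub.example.com", "example.com"),
        "from=example.com other=sub.example.com": ("example.com", "sub.example.com"),
    }
    return {
        name: {
            "buggy": aligned_buggy(f, o, strict, psl),
            "fixed": aligned_fixed(f, o, strict, psl),
        }
        for name, (f, o) in cases.items()
    }


if __name__ == "__main__":
    for name, verdicts in issue_cases(strict=True).items():
        print(f"strict, PSL configured: {name}: {verdicts}")
    for name, verdicts in issue_cases(strict=True, psl=None).items():
        print(f"strict, no PSL:         {name}: {verdicts}")
```

Running it shows the first case passing under the buggy check only when a PSL is configured, and failing under the corrected check in both configurations; the reverse case fails either way, as the issue reports.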