DNSSEC Key-Generation broken on mirrors

This is a TODO-Issue for me.

DNSSEC-Implementation does not work correctly in mirrored environments.

Todo:

1. block mirrors from generating keys
2. store the keys in database (without need of new DB fields as 3.1-DB-structure is already locked)
3. read keys from DB before creating new ones (this implements a DB-Backup as a side-effect)
4. on Mirrors retry signing if the key was not available on soa_create

I pulled this out from #1491 (closed) as it went a bit offtopic.