rec: Add support for NOTIFY operations to wipe cache entries

rec: Add support for NOTIFY operations to wipe cache entries

NOTIFY operations can be sent to trigger removal of cache entries which
match the zone specified in the operation. All entries, regardless of
type, in or below the specified zone, are removed.  Control over
permission to send such operations is provided by an ACL, and control over
zones which can be wiped is provided by a new configuration setting.

The default configuration ignores all NOTIFY operations.

This patch adds:

* 'allow-notify-from' and 'allow-notify-from-file' settings, operating
  almost identically to 'allow-from' and 'allow-from-file' (the only
  difference being the default value).

* 'allow-notify-for' and 'allow-notify-for-file' settings, which provide
  a list of zones for which NOTIFY operations are allowed.

* modification to 'forward-zones-file' setting, allowing zones specified
  there to optionally allow NOTIFY operations.

* 'source-disallowed-notify' metric, counting the number of NOTIFY operations
  which have been denied by the ACL.

* 'zone-disallowed-notify' metric, counting the number of NOTIFY operations
  which have been denied by the zone list.

* API support for modifying 'allow-notify-from' ACL.

* Regression tests for new ACL settings.