Only log bumped signed serial after a successful secure zone update

Only log bumped signed serial after a successful secure zone update

If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged.  This creates
confusion, because a different secure zone version will be served than
the one announced in the logs.  Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.