Document the behavior of the max-signature-cache-entries setting.

Document the behavior of the max-signature-cache-entries setting.

Update documentation with a few things I learned during a debugging
session with great help on IRC.

If you use NSEC narrow mode and handle queries that generates a lot of
signatures, e.g. because of random subdomain queries this can cause
the cache to grow very large.

Also document the surprising cache eviction policy of dropping all
cache entries when the maximum cache size is hit.