sec: usr: Fix race condition in getsigningtime()

Compute qpzone_get_lock(elem->node) into a local variable while the
heap lock is still held, rather than dereferencing the stale elem
pointer after releasing the lock. A concurrent thread running
setsigningtime() (e.g. via IXFR apply on a worker thread) could free
the top-of-heap element between the heap lock release and the
dereference, causing a use-after-free.

Closes #5883

Merge branch '5883-getsigningtime-race-fix' into 'main'

See merge request isc-projects/bind9!11875