git.ipfire.org Git - thirdparty/bind9.git/commit
Allow unsupported alg in zone /w dnssec-signzone
author Matthijs Mekking <github@pletterpet.nl>
Tue, 18 Dec 2018 11:14:04 +0000 (12:14 +0100)
committer Ondřej Surý <ondrej@isc.org>
Thu, 20 Dec 2018 09:50:08 +0000 (04:50 -0500)
commit 040e132f1692ce8bb1ac83032ee761b3278f0272
tree e5fa794cb3389d3901d5e681dbb26670f926b9fc
parent 9f81119c0256378683c20e8e01a874378cabfcbc
Allow unsupported alg in zone /w dnssec-signzone

dnssec-signzone should sign a zonefile that contains a DNSKEY record
with an unsupported algorithm.  Current behavior is that it will
fail, hitting a fatal error.  The fix detects unsupported algorithms
and will not try to add it to the keylist.

Also when determining the maximum iterations for NSEC3, don't take
into account DNSKEY records in the zonefile with an unsupported
algorithm.

(cherry picked from commit 1dd11fc754baf396bb3040527087b14f0678dd83)
lib/dns/dnssec.c
lib/dns/include/dns/dnssec.h
lib/dns/nsec3.c
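
The behaviour the commit message describes, as an added, simplified model that is not BIND's code: DNSKEYs with an unsupported algorithm are skipped when building the key list and ignored when deriving the NSEC3 iteration limit. The struct, function names, supported-algorithm set and the choice of the smallest supported key are assumptions of this example; the 150/500/2500 limits are from RFC 5155 section 10.3.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified DNSKEY view: algorithm number and key size only. */
struct dnskey { unsigned char alg; unsigned bits; };

/* Assumed build: RSASHA256 (8), ECDSAP256SHA256 (13), ED25519 (15) only. */
static bool alg_supported(unsigned char alg) {
    return alg == 8 || alg == 13 || alg == 15;
}

/* Copy only usable keys into out; unsupported ones are counted and
 * skipped instead of aborting the whole signing run. */
size_t build_keylist(const struct dnskey *rrset, size_t n,
                     struct dnskey *out, size_t *skipped) {
    size_t kept = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        if (!alg_supported(rrset[i].alg)) { (*skipped)++; continue; }
        out[kept++] = rrset[i];
    }
    return kept;
}

/* Iteration limit from the smallest supported key (example's assumption);
 * keys with an unsupported algorithm do not influence the result. */
unsigned nsec3_max_iterations(const struct dnskey *rrset, size_t n) {
    unsigned minbits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!alg_supported(rrset[i].alg)) continue;
        if (minbits == 0 || rrset[i].bits < minbits) minbits = rrset[i].bits;
    }
    if (minbits == 0) return 0;      /* no usable key in the RRset */
    if (minbits <= 1024) return 150;
    if (minbits <= 2048) return 500;
    return 2500;
}

/* Constructed sample: algorithm 255 stands in for an unsupported one. */
const struct dnskey SAMPLE[] = { {8, 2048}, {255, 512}, {8, 4096} };

int main(void) {
    struct dnskey out[3];
    size_t skipped;
    size_t kept = build_keylist(SAMPLE, 3, out, &skipped);
    printf("kept=%zu skipped=%zu max_iterations=%u\n",
           kept, skipped, nsec3_max_iterations(SAMPLE, 3));
    return 0;
}
```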