simplify validate_dnskey and seek_ds

simplify validate_dnskey and seek_ds

- pull out the code that checks whether a key was signed by a trust
  anchor into a separate function, anchor_signed().
- pull out the code that looks up a DS while validating a zone key
  into a separate function, get_dsset().
- check in create_validator() whether the sigrdataset is bound, so that
  we can always pass in &val->fsigrdataset during an insecurity proof;
  this will allow a reduction of code duplication.