rollover-going-insecure: From setup.sh to pytest bootstrap

rollover-going-insecure: From setup.sh to pytest bootstrap

Symlink ns1 and ns2 to rollover/ns1 and rollover/ns2.
Symlink ns3/template.db.j2.manual to rollover/ns3/template.db.j2.manual.

Since the bootstrapping is done before the templates are rendered
automatically, replace @DEFAULT_ALGORITHM@ in ns3/kasp.conf.j2 to
ecdsa256 and rename to ns3/kasp.conf.

Now we have to fake different lifetimes, so adjust fake_lifetime
to update a single key.

Note that we have changed the setup slightly: We also sign the
step2 zones, but with post validation disabled. This is more
accurate because we need to test that the public keys and signatures
are being removed from the zone.

(cherry picked from commit cc4244f38411cfb67aed6467994ac85002ac8756)