git.ipfire.org Git - thirdparty/bind9.git/commit
[9.20] fix: usr: Use signer name when disabling DNSSEC algorithms
author Mark Andrews <marka@isc.org>
Mon, 29 Sep 2025 01:52:00 +0000 (11:52 +1000)
committer Mark Andrews <marka@isc.org>
Mon, 29 Sep 2025 01:52:00 +0000 (11:52 +1000)
commit 986816baa7495d782c49f13bbecabb24864d6dce
tree 8e899d7580f0f114f35be663cd6cf19b44363d0f
parent d2f551140cd008129f3a95e0f27d7e34f6aaa913
parent dd891dd761bd24aef9a019d115760b09728e7ac7

``disable-algorithms`` could cause DNSSEC validation failures when the parent zone was
signed with the algorithms that were being disabled for the child zone.
This has been fixed; ``disable-algorithms`` now works
on a whole-of-zone basis.

If the zone's name is at or below the ``disable-algorithms`` name, the algorithm
is disabled for that zone, using deepest match when there are multiple
``disable-algorithms`` clauses.

Closes #5165

Backport of MR !10837

Merge branch 'backport-5165-use-signer-name-when-disabling-dnssec-algorithms-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11014
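
The deepest-match, whole-of-zone rule described in the commit message, as an added Python sketch (not BIND source and not part of the commit). The clause data, the function names, and the owner-name lookup used for contrast are assumptions made for illustration; "deepest match" is read here as "only the most specific matching clause applies".

```python
# Added illustration, not BIND code. CLAUSES is constructed sample data that
# stands in for two disable-algorithms clauses in named.conf.
CLAUSES = {
    "example.com": {"RSASHA1"},
    "child.example.com": {"RSASHA256"},
}

def labels(name):
    """Split a DNS name into lowercase labels, root-most first ('.' -> [])."""
    return [l for l in reversed(name.lower().rstrip(".").split(".")) if l]

def deepest_clause(zone, clauses):
    """Return the clause name that is the deepest ancestor-or-self of zone."""
    z = labels(zone)
    best = None
    for name in clauses:
        n = labels(name)
        # Label-wise comparison, so "notexample.com" never matches "example.com".
        if z[:len(n)] == n and (best is None or len(n) > len(labels(best))):
            best = name
    return best

def is_disabled(zone, algorithm, clauses):
    """True if algorithm is disabled for zone under the deepest matching clause."""
    match = deepest_clause(zone, clauses)
    return match is not None and algorithm.upper() in clauses[match]

def rrsig_usable(owner, signer, algorithm, clauses, key="signer"):
    """Decide whether a signature may be used for validation.

    key="signer" looks the algorithm up by the RRSIG signer name (the zone
    that produced the signature), as the commit title describes.
    key="owner" is an assumed contrast that looks it up by the RRset owner.
    """
    name = signer if key == "signer" else owner
    return not is_disabled(name, algorithm, clauses)

if __name__ == "__main__":
    # DS RRset for the child: owned by child.example.com, signed by the parent.
    ds = ("child.example.com", "example.com", "RSASHA256")
    print("owner-keyed :", rrsig_usable(*ds, CLAUSES, key="owner"))
    print("signer-keyed:", rrsig_usable(*ds, CLAUSES, key="signer"))
```

The DS RRset for a delegation is signed by the parent zone, so a lookup keyed on the signer name leaves the parent's signature usable while signatures made by the child zone itself with the disabled algorithm are still ignored.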