git.ipfire.org Git - thirdparty/bind9.git/commit
[9.20] fix: usr: Separate DNSSEC validation from the long-running tasks
author: Ondřej Surý <ondrej@isc.org>
Thu, 12 Sep 2024 15:46:28 +0000 (15:46 +0000)
committer: Ondřej Surý <ondrej@isc.org>
Thu, 12 Sep 2024 15:46:28 +0000 (15:46 +0000)
commit: c0022f6802502d45f3c96b9babc0a3325899cafb
tree: e85e002173f5cd61d898be6b86bad0952cce2b46
parent: f0277b7284f3cfbcee3088f788b36e39391a9301
parent: 26c2cbe63b8d210af5d58eca006e6e80c3597231

As part of the KeyTrap [CVE-2023-50387] mitigation, the DNSSEC CPU-intensive operations were offloaded to a separate threadpool that we use to run other tasks that could affect the networking latency.

If that threadpool is running some long-running tasks like RPZ, catalog zone processing, or zone file operations, it would delay DNSSEC validations to a point where resolving signed DNS records would fail.

Split the CPU-intensive and long-running tasks into separate threadpools in a way that the long-running tasks don't block the CPU-intensive operations.

Closes #4898

Backport of MR !9473

Merge branch 'backport-4898-move-offloaded-DNSSEC-to-own-threads-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9495