Only log bumped signed serial after a successful secure zone update

Only log bumped signed serial after a successful secure zone update

If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged.  This creates
confusion, because a different secure zone version will be served than
the one announced in the logs.  Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.

(cherry picked from commit cfbc8e264d5a276fda2d1c0b15a4725cc293ba65)
(cherry picked from commit cdc7ab42b111a4e6aaaac19e86069d996ea11002)