Tidy up cleanup path in check_signer()

Tidy up cleanup path in check_signer()

The cloned signature rdataset was not disassociated on the early
return taken when dns_dnssec_keyfromrdata() fails to parse the DNSKEY
public-key data.  In every current caller val->sigrdataset reaches
check_signer() rdatalist-backed, so dns_rdataset_clone() copies the
struct without taking any reference and dns_rdataset_disassociate()
is a no-op -- no memory is actually leaked today.  Hoist the key
parse out of the per-RRSIG loop and let the function fall through
to a single cleanup path, so the parse and the iteration cannot
diverge again.

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 19f44a0aa376bace89d8ffaece546e1fc891a763)