Tweak query_addds() comments to avoid confusion

Tweak query_addds() comments to avoid confusion

It has been noticed that commit f88c90f47f39a044d23912bcd823c36654c5236b
did not only fix NSEC record handling in signed, insecure delegations
prepared using both wildcard expansion and CNAME chaining - it also
inadvertently fixed DS record handling in signed, secure delegations
of that flavor.  This is because the 'rdataset' variable in the relevant
location in query_addds() can be either a DS RRset or an NSEC RRset.
Update a code comment in query_addds() to avoid confusion.

Update the comments describing the purpose of query_addds() so that they
also mention NSEC(3) records.

(cherry picked from commit 29d8d35869ad44531fc0690a24074df9c7e0927a)