Some DNSSEC tools and trust-anchor handling could fail when
working with unusually large DNSSEC keys or signatures,
including those used by post-quantum algorithms. These paths
now accept DNSKEY, CDNSKEY, CDS, and RRSIG data up to the DNS
record size limits, so large key material can be parsed, written,
checked, and signed consistently.
Merge branch 'ondrej/dynamic-dnssec-buffers' into 'main'
See merge request isc-projects/bind9!12370