
Update DNSSEC07 test case to explicitly check for DNSSEC #1423

Description

@matsduf

There is no test case that explicitly checks if the zone in testing is signed or not. DNSSEC07 comes closest and does in practice check for DNSSEC. The title of it is "If DNSKEY at child, parent should have DS" and the objective is

> If the child zone has a DNSKEY published, the intent may be to have a secure chain up to the root. If there is no DS record published at the parent zone, this might be a configuration error.

However, it directly or indirectly outputs messages that report if the zone in testing is signed or not:

| Tag | Message |
|---|---|
| DNSKEY_BUT_NOT_DS | {child} sent a DNSKEY record, but {parent} did not send a DS record. |
| DNSKEY_AND_DS | {parent} sent a DS record, and {child} a DNSKEY record. |
| NEITHER_DNSKEY_NOR_DS | There are neither DS nor DNSKEY records for the zone. |
| DS_BUT_NOT_DNSKEY | {parent} sent a DS record, but {child} did not send a DNSKEY record. |
| NOT_SIGNED | The zone is not signed with DNSSEC. |

Let DNSSEC07 explicitly check if the zone seems to be signed (has DNSKEY) and, if so, check if DS is present in the parent. The updated specification will set the level of the messages, where it has been proposed in https://github.com/orgs/zonemaster/discussions/1364 that absence of DNSSEC should trigger a WARNING, not just a NOTICE.

Current specification of DNSSEC07 is old. This will be a complete rewrite of DNSSEC07. This issue is just about the specification. The update of the implementation will be a second step.
