autosign: use FIPS compatible algorithms and key sizes

The nsec-only.example zone was not converted as we use it to
test nsec-only DNSSEC algorithms to nsec3 conversion failure.
The subtest is skipped in fips mode.

Update "checking revoked key with duplicate key ID" test
to use FIPS compatible algorithm.

bin/tests/system/testcrypto.sh

@@ -26,7 +26,7 @@ while test "$#" -gt 0; do
                 args="$args -q"
                 quiet=1
                 ;;
-        rsa|RSA)
+        rsa|RSA|rsasha1|RSASHA1)
                 alg="-a RSASHA1"
                 msg="RSA cryptography"
                 ;;