deprecate delegation-only and root-delegation only

These options and zone type were created to address the
SiteFinder controversy, in which certain TLD's redirected queries
rather than returning NXDOMAIN. since TLD's are now DNSSEC-signed,
this is no longer likely to be a problem.

The deprecation message for 'type delegation-only' is issued from
the configuration checker rather than the parser. therefore,
isccfg_check_namedconf() has been modified to take a 'nodeprecate'
parameter to suppress the warning when named-checkconf is used with
the command-line option to ignore warnings on deprecated options (-i).

bin/tests/system/checkconf/deprecated.conf

@@ -23,6 +23,8 @@ options {
 	use-v6-udp-ports { range 1024 65535; };
 	avoid-v4-udp-ports { range 1 1023; };
 	avoid-v6-udp-ports { range 1 1023; };
+
+	root-delegation-only exclude { "them"; };
 };
 
 trusted-keys {
@@ -48,7 +50,17 @@ managed-keys {
 };
 
 zone example.com {
-        type primary;
+	type primary;
 	file "maxttl-bad.db";
 	max-zone-ttl 120;
 };
+
+zone "." {
+	type hint;
+	file "shared.example.db";
+	delegation-only yes;
+};
+
+zone com {
+	type delegation-only;
+};