Add purge-keys config option

Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
files for deleted keys. The option determines how long key files
should be retained prior to removing the corresponding files from
disk.

If set to 0, the option is disabled and 'named' will not remove key
files from disk.

bin/tests/system/checkconf/good.conf

@@ -26,6 +26,7 @@ dnssec-policy "test" {
 	parent-ds-ttl 7200;
 	parent-propagation-delay PT1H;
 	publish-safety PT3600S;
+	purge-keys P90D;
 	retire-safety PT3600S;
 	signatures-refresh P3D;
 	signatures-validity P2W;