Add purge-keys config option

Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
files for deleted keys. The option determines how long key files
should be retained prior to removing the corresponding files from
disk.

If set to 0, the option is disabled and 'named' will not remove key
files from disk.
Matthijs Mekking
2021-02-08 12:02:19 +01:00
parent d4cb312555
commit 313de3a7e2
15 changed files with 75 additions and 5 deletions

@@ -31,6 +31,7 @@ dnssec-policy <string> {
parent-ds-ttl <duration>;
parent-propagation-delay <duration>;
publish-safety <duration>;
purge-keys <duration>;
retire-safety <duration>;
signatures-refresh <duration>;
signatures-validity <duration>;
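
Review bot: The new grammar entry 'purge-keys <duration>;' documents only the syntax, so the special value from the commit message (0 disables purging) and the default are not visible where an operator would look up the option. Please state both in the option's reference text, along with the point in time from which the retention period is counted, since the commit message only says key files are retained "prior to removing the corresponding files from disk". Because the option deletes key files, it would also help to say which files are covered, so operators can plan backups and audits of retired key material.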