dnssec: Check validation with short RSA key size FIPS mode

use a pregenerated zone signed with RSASHA1 keys at 1024 bits.

bin/tests/system/dnssec/ns2/example.db.in

@@ -171,4 +171,7 @@ ns.revkey		A	10.53.0.3
 rsasha1			NS	ns.rsasha1
 ns.rsasha1		A	10.53.0.3
 
+rsasha1-1024		NS	ns.rsasha1-1024
+ns.rsasha1-1024		A	10.53.0.3
+
 dname-at-apex-nsec3	NS	ns3

bin/tests/system/dnssec/ns2/sign.sh

@@ -63,7 +63,7 @@ for subdomain in secure badds bogus dynamic keyless nsec3 optout \
 	ttlpatch split-dnssec split-smart expired expiring upper lower \
 	dnskey-unknown dnskey-unsupported dnskey-unsupported-2 \
 	dnskey-nsec3-unknown managed-future revkey \
-	dname-at-apex-nsec3 occluded rsasha1
+	dname-at-apex-nsec3 occluded rsasha1 rsasha1-1024
 do
 	cp "../ns3/dsset-$subdomain.example." .
 done