Change nsec3param salt config to saltlen

Upon request from Mark, change the configuration of salt to salt
length.

Introduce a new function 'dns_zone_checknsec3aram' that can be used
upon reconfiguration to check if the existing NSEC3 parameters are
in sync with the configuration. If a salt is used that matches the
configured salt length, don't change the NSEC3 parameters.

(cherry picked from commit 6f97bb6b1f)

bin/tests/system/nsec3/ns3/named.conf.in

@@ -25,7 +25,7 @@ dnssec-policy "optout" {
 };
 
 dnssec-policy "nsec3-other" {
-	nsec3param iterations 11 optout yes salt "deadbeef";
+	nsec3param iterations 11 optout yes salt-length 0;
 };
 
 options {