deprecate "trusted-keys"

- trusted-keys is now flagged as deprecated, but still works
- managed-keys can be used to configure permanent trust anchors by
  using the "static-key" keyword in place of "initial-key"
- parser now uses an enum for static-key and initial-key keywords

bin/tests/system/checkconf/tests.sh

@@ -371,7 +371,7 @@ if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
-echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
+echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' does not generate a warning ($n)"
 ret=0
 $CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
 [ -s checkconf.out$n ] && ret=1
@@ -395,7 +395,7 @@ $CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
-echo_i "check that the 2017 ICANN ROOT KSK alone does not warning ($n)"
+echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)"
 ret=0
 $CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
 [ -s checkconf.out$n ] && ret=1