Fix check next key event check in kasp test

Prevent intermittent false positives on slow platforms by subtracting
the number of seconds which passed between key creation and invoking
'rndc dnssec -checkds'.

This particularly fails for the step3.csk-roll2.autosign zone because
the closest next key event is when the zone signatures become
omnipresent. Running 'rndc dnssec -checkds' some time later means
that the next key event is in fact closer than the calculated time
and thus we need to adjust the expected time by the time already
passed.

(cherry picked from commit 262b52a154)

bin/tests/system/kasp/tests.sh

@@ -3682,8 +3682,13 @@ dnssec_verify
 # successor signatures.  This is the retire interval: Dsgn plus the
 # maximum zone TTL plus the zone propagation delay plus retire-safety. For the
 # csk-roll2 policy that means: 12h (because 1d validity and refresh within
-# 12 hours) + 1d + 1h + 1h = 38h = 136800 seconds.
-check_next_key_event 136800
+# 12 hours) + 1d + 1h + 1h = 38h = 136800 seconds.  Prevent intermittent false
+# positives on slow platforms by subtracting the number of seconds which
+# passed between key creation and invoking 'rndc dnssec -checkds'.
+now="$(TZ=UTC date +%s)"
+time_passed=$((now-start_time))
+next_time=$((136800-time_passed))
+check_next_key_event $next_time
 
 #
 # Zone: step4.csk-roll2.autosign.