explicitly set dnssec-validation in system tests

the default value of dnssec-validation is 'auto', which causes
a server to send a key refresh query to the root zone when starting
up. this is undesirable behavior in system tests, so this commit
sets dnssec-validation to either 'yes' or 'no' in all tests where
it had not previously been set.

this change had the mostly-harmless side effect of changing the cached
trust level of unvalidated answer data from 'answer' to 'authanswer',
which caused a few test cases in which dumped cache data was examined in
the serve-stale system test to fail. those test cases have now been
updated to expect 'authanswer'.

(cherry picked from commit 0b09ee8cdc)

bin/tests/system/dnssec/ns5/named2.conf.in

@@ -31,6 +31,7 @@ options {
 	listen-on { 10.53.0.5; 127.0.0.1; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 };
 
 view root {