explicitly set dnssec-validation in system tests

the default value of dnssec-validation is 'auto', which causes
a server to send a key refresh query to the root zone when starting
up. this is undesirable behavior in system tests, so this commit
sets dnssec-validation to either 'yes' or 'no' in all tests where
it had not previously been set.

this change had the mostly-harmless side effect of changing the cached
trust level of unvalidated answer data from 'answer' to 'authanswer',
which caused a few test cases in which dumped cache data was examined in
the serve-stale system test to fail. those test cases have now been
updated to expect 'authanswer'.

(cherry picked from commit 0b09ee8cdc)

bin/tests/system/runtime/ns2/named-alt4.conf.in

@@ -18,4 +18,5 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 };

bin/tests/system/runtime/ns2/named-alt5.conf.in

@@ -18,4 +18,5 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 };

bin/tests/system/runtime/ns2/named-alt6.conf.in

@@ -18,4 +18,5 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 };

bin/tests/system/runtime/ns2/named-alt7.conf.in

@@ -16,4 +16,5 @@ options {
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
+	dnssec-validation no;
 };

bin/tests/system/runtime/ns2/named-alt9.conf.in

@@ -17,4 +17,5 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 };