Do not use IANA DNSSEC keys in the "rpz" system test

With "dnssec-validation" now defaulting to "auto", it needs to be
explicitly set to "yes" (the previous default value) for all validating
resolvers used in system tests.  Ensure that requirement is satisfied by
the resolvers used in the "rpz" system test.

bin/tests/system/rpz/ns2/named.conf.in

@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 key rndc_key {

bin/tests/system/rpz/ns3/named.conf.in

@@ -26,6 +26,8 @@ options {
 	listen-on-v6 { none; };
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "bl"					max-policy-ttl 100;

bin/tests/system/rpz/ns4/named.conf.in

@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 include "../trusted.conf";

bin/tests/system/rpz/ns5/named.conf.in

@@ -28,6 +28,8 @@ options {
 	notify-delay 0;
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	# turn rpz on or off
 	include "rpz-switch";

bin/tests/system/rpz/ns6/named.conf.in

@@ -22,6 +22,8 @@ options {
 	forward only;
 	forwarders { 10.53.0.3; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy1" min-update-interval 0;

bin/tests/system/rpz/ns7/named.conf.in

@@ -20,6 +20,8 @@ options {
 	listen-on { 10.53.0.7; };
 	listen-on-v6 { none; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy2";