129973ebb0
The key lifetime should no longer be adjusted if the key is being retired earlier, for example because a manual rollover was started. This would falsely be seen as a dnssec-policy lifetime reconfiguration, and would adjust the retire/removed time again. This also means we should update the status output, and the next rollover scheduled is now calculated using (retire-active) instead of key lifetime.