anonion0 / nsec3map

a tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain
GNU General Public License v3.0

NSEC3: NextOwner==CurrentOwner handling suggestion #21

Closed BenBE closed 1 year ago

BenBE commented 1 year ago

At the moment an NSEC3 (and possibly NSEC RR too?) that has its NextOwner set to itself is handled as invalid.

While this is correct for the common case, there is one exception, which is if the Owner name points to the zone's SOA name, in which case such an RR indicates an empty zone.

It would be nice if n3map could handle this situation in such a way that the zone is simply "finished" with this NSEC3/NSEC RR as its only owner name in the NSEC3/NSEC chain (i.e. no exception IFF the Owner belongs to the zone entry).

Example:

$ dig +dnssec CNAME airtel.

; <<>> DiG 9.18 <<>> +dnssec CNAME airtel.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65372
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;airtel.                                IN      CNAME

;; AUTHORITY SECTION:
airtel.                 86400   IN      SOA     ac1.nstld.com. info.verisign-grs.com. 1676332990 1800 900 604800 86400
airtel.                 86400   IN      RRSIG   SOA 8 1 86400 20230220215310 20230213215310 5023 airtel. kmR8WQ6M8aXAMgSX1Ez10M5GPKmZyyTp/6KN1mxLOd/dWrYBowEw9SW8 ZykPpNNN7Yxr/1S+0B3ywGXVmJFhBO+IMP3DtN++nYEXPfMQPfbRQYnM SfdHQpHwJw6Q0kbWL2o9mGpZYZKmOmJXIzsA3ycZZbJaK3+ClBfKRdMm gy0mxuxS6GQ8NyYyJ1l0WAzz4bM0Ray0W9pXfO+aPrJ6GA==
SUKRVK4IEDLPQC37JR5200NRLPOAJIBS.airtel. 86400 IN NSEC3 1 1 0 - SUKRVK4IEDLPQC37JR5200NRLPOAJIBS NS SOA RRSIG DNSKEY NSEC3PARAM
SUKRVK4IEDLPQC37JR5200NRLPOAJIBS.airtel. 86400 IN RRSIG NSEC3 8 2 86400 20230218222412 20230211222412 5023 airtel. XKAmXeswtninpnsrTrwwCrkow67nIv60qKBO6QvvzD857Zvrmi87jm+b V+Epw9AUdf9d+PQ3F21Pd7DLtUQ8/NpX2dJaz8fPQGxjgtZcd0aGeqjs 0CuAGGGYbOwC+gBgC6VGRv73xBVd1BPWIwIop35o90Fy7F/SgSj2WqBm d5nT7qrkcSvlS8201eerMqpPxEBjPa7nYOQfY/ZFZDKY7g==

;; Query time: 116 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Tue Feb 14 01:03:33 CET 2023
;; MSG SIZE  rcvd: 578
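As an added example (not code from nsec3map or from this issue), the Python below computes the NSEC3 hash as RFC 5155 defines it, parses the NSEC3 RR from the dig output above, and walks a chain while treating a self-referencing record exactly as the request describes: it is accepted only when it is the sole record in the chain and owns the hash of the zone apex, and rejected anywhere else. The zone `example.` with names `a.example.` and `b.example.`, and the helper functions `build_chain`, `walk_chain`, `parse_nsec3` and `nsec3_hash`, are constructed for this illustration.

```python
import hashlib
from dataclasses import dataclass

B32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"  # RFC 4648 "Extended Hex" alphabet used by NSEC3


class ChainError(Exception):
    """Malformed NSEC3 chain: gap, loop, or a self-reference that is not the lone apex record."""


@dataclass(frozen=True)
class NSEC3:
    owner: str        # hashed owner label (base32hex) without the zone suffix
    iterations: int
    salt: bytes
    next_owner: str   # the "Next Hashed Owner Name" field
    types: tuple


def to_wire(name: str) -> bytes:
    """Canonical wire form: lowercase labels, each length-prefixed, ending with the root label."""
    name = name.lower().rstrip(".")
    out = b""
    for label in (name.split(".") if name else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def b32hex(data: bytes) -> str:
    """Base32hex without '=' padding; a 20-byte SHA-1 digest maps to exactly 32 characters."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(B32HEX[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def nsec3_hash(name: str, iterations: int = 0, salt: bytes = b"") -> str:
    """RFC 5155 s5: IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt)."""
    digest = to_wire(name)
    for _ in range(iterations + 1):
        digest = hashlib.sha1(digest + salt).digest()
    return b32hex(digest)


def parse_nsec3(line: str) -> NSEC3:
    """Parse one NSEC3 RR in presentation (dig) format; a salt of '-' means empty."""
    f = line.split()
    if len(f) < 9 or f[2] != "IN" or f[3] != "NSEC3":
        raise ValueError("not an NSEC3 RR")
    if int(f[4]) != 1:
        raise ValueError("only NSEC3 hash algorithm 1 (SHA-1) is defined")
    salt = b"" if f[7] == "-" else bytes.fromhex(f[7])
    return NSEC3(f[0].split(".", 1)[0].upper(), int(f[6]), salt, f[8].upper(), tuple(f[9:]))


def walk_chain(zone: str, records: dict) -> list:
    """Follow the chain from the apex hash until it wraps; a self-reference is legal only at the apex of a one-record chain."""
    if not records:
        raise ChainError("no NSEC3 records")
    params = next(iter(records.values()))
    apex = nsec3_hash(zone, params.iterations, params.salt)
    if apex not in records:
        raise ChainError("no NSEC3 record for the zone apex")
    order, rr = [apex], records[apex]
    while rr.next_owner != apex:
        if rr.next_owner == rr.owner:
            raise ChainError(f"{rr.owner} points to itself but is not the lone apex record")
        if rr.next_owner in order:
            raise ChainError(f"loop through {rr.next_owner} that never returns to the apex")
        if rr.next_owner not in records:
            raise ChainError(f"gap: no NSEC3 record owned by {rr.next_owner}")
        order.append(rr.next_owner)
        rr = records[rr.next_owner]
    if len(order) != len(records):
        raise ChainError("records exist that the chain from the apex never reaches")
    return order


def build_chain(zone: str, names: list) -> dict:
    """Construct a well-formed chain (0 iterations, empty salt) for the constructed test zone."""
    hashes = sorted(nsec3_hash(n) for n in [zone, *names])
    return {h: NSEC3(h, 0, b"", hashes[(i + 1) % len(hashes)], ("A",)) for i, h in enumerate(hashes)}


# The NSEC3 RR copied from the dig output in this issue (params 1 1 0 -, next owner == owner).
AIRTEL_NSEC3 = ("SUKRVK4IEDLPQC37JR5200NRLPOAJIBS.airtel. 86400 IN NSEC3 1 1 0 - "
                "SUKRVK4IEDLPQC37JR5200NRLPOAJIBS NS SOA RRSIG DNSKEY NSEC3PARAM")


def airtel_chain() -> list:
    rr = parse_nsec3(AIRTEL_NSEC3)
    return walk_chain("airtel.", {rr.owner: rr})


def self_reference_below_apex_rejected() -> bool:
    """Constructed zone: make a non-apex record point at itself; walk_chain must reject it."""
    chain = build_chain("example.", ["a.example.", "b.example."])
    victim = next(h for h in chain if h != nsec3_hash("example."))
    chain[victim] = NSEC3(victim, 0, b"", victim, ("A",))
    try:
        walk_chain("example.", chain)
    except ChainError:
        return True
    return False


if __name__ == "__main__":
    print(nsec3_hash("airtel."), airtel_chain())
    print(walk_chain("example.", build_chain("example.", ["a.example.", "b.example."])))
    print(self_reference_below_apex_rejected())
```

The walker takes the hash parameters from the records themselves rather than from a separate NSEC3PARAM lookup, which is enough for the single-parameter chains shown here; the final length check is what turns the apex self-reference into a hard error again if any other NSEC3 records exist in the zone, since in that case the chain is not "finished" but broken.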