Avoid repeated Cloudflare resolve attempts when DNS over TLS is blocked

[agners]

When a first resolve attempt on the fallback chain (:5553) fails, the fallback plug-in of the main chain will trigger health check. By default health checks sends a request every 0.5s as long as upstream reports unhealthy (default value). Unfortuntely the fallback plug-in's health check can't be confiugred currently.

Each of these health checks will trigger a 5s resolve attempt by the fallback chains forward plug-in. And since we get a health check every 0.5s, and health checks on the fallback chain are disabled, this leads to non-stop resolve attempts, forever.

On-top of that, even when the primary/DHCP provided DNS server is working, the loop plug-in will trigger a first resolve attempt on the fallback chain still! This means, even with a working primary DNS sever, the fallback chain will enter a runaway loop still!

This change does several things:

• Handle the loop check using a template plug-in. This avoids a loop test requests to Cloudflare. With that, and a working primary DNS server, no DNS requests will get sent to Cloudflare by default.
• Handle the health check of the fallback plug-in using a template plug-in. This essentially "disables" health check on the primary chains fallback plug-in (which would be the better approach, if that were possible).
• Reenable health checks in the fallback chain, to avoid repeated attempts to Cloudflare when it's not available.

Fixes #90