pubky / pkarr

Public Key Addressable Resource Records (sovereign TLDs)
https://app.pkarr.org
MIT License

Enhance user Packet with DNSSec and Relay recommendations. #49

Closed Nuhvi closed 6 months ago

Nuhvi commented 6 months ago

If the DNS packet provided by the user has enough remaining space, we could automatically add:

  1. Sign all the user provided records with DNSSec, so non-pkarr clients that do support DNSSec could still authenticate the answers they receive over normal DNS.
  2. If the user provided trusted Relays, then we add them (possibly to additional records) as recommended relays, so clients may check these relays before the rest of the network (until the TTL expires), which provides more consistency (as the user is writing to these relays first) and reduces the read load on the DHT.

Nuhvi commented 6 months ago

After some conversations, DNSSEC doesn't seem viable since DNSSEC-enabled clients won't actually recognize Pkarr TLDs as sovereign keys, and will expect a non-existent certificate chain from ICANN.

Alternatively, we could put the signature in the additional section, even though that will include some fiddling, and will need some speccing.

Nuhvi commented 6 months ago

While relay recommendations are interesting, I decided that they are mostly useful for high frequency updates, and while that is needed for many applications, it should be clear that it is not within the purposes of either Pkarr or DNS in general. Thus the cost of complexity of relay recommendations isn't only not justified, it is probably harmful to the clear communication of goals and non-goals of Pkarr.