Report an error for violation of serial keep policy #633
Conversation

This would be fine if the signing request is due to a new version of the zone. But signing requests also result from key management and timers. And I think we don't want an error for those cases.

I mistakenly set a zone to keep policy while also giving it a fast incremental resign rate which leads to Cascade repeatedly trying and failing to sign the zone due to keep policy violation, except that violation doesn't show up anywhere so I didn't realize what was going on. This is admittedly user error on my part, but this doesn't seem a useful state for Cascade to silently be in.

If we make it not silent then we basically kill Keep because it will generate an error every time the refresh timer expires. Something at debug level is fine of course.

@Philip-NLnetLabs could you explain how you want this to work? I think the signer should not even start any resigning with keep. So we should add that to this PR maybe? Is there an easy way to do that? |
Closes #476