Add support for TRUNCATED DNSSEC status #1595

Merged
DL6ER merged 1 commit into development-v6 from tweak/dnssec_truncated on Jul 24, 2023

Conversation

@DL6ER DL6ER (Member) commented Jul 24, 2023

What does this implement/fix?

Add TRUNCATED status to the enumeration of valid DNSSEC status codes. A truncated answer can't be validated. If this is an answer to a DNSSEC-generated query, we still need to get the client to retry over TCP, so we return an answer with the TC bit set, even if the actual answer fits into the buffer. All the other code is already there; just the parsing code needs a minor tweak.

I have never seen a truncated DNSSEC message with my local unbound; however, I have recently received comments about this status popping up quite often with certain online resolvers (Quad9 or DNS.Watch IIRC) putting too much optional content into the DNSSEC reply, causing fragmentation (= truncation). The only way to remedy this is retrying over TCP, which then does support fragmentation (as said above).

This fix is merely cosmetic: FTL already behaves correctly but is needlessly complaining about an unknown status in its log file.

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.
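
The TC handling described in the PR description above, as an added example in C that is not Pi-hole FTL's code: it parses the header of a constructed upstream reply, classifies a TC=1 reply as TRUNCATED before any validator verdict is consulted (the AD bit on a truncated reply is not evidence of anything, because the validator never saw the complete RRsets), and builds the minimal TC=1 reply handed to the client so that it retries over TCP. The status enumeration, the function names and the packet bytes are assumptions made for this example, not FTL's own definitions.

```c
/* Added example, not Pi-hole FTL code: DNS header parsing, TRUNCATED status
 * classification, and the TC=1 reply that makes a client retry over TCP.
 * Enum names, function names and packet bytes are assumptions for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Header flag bits (RFC 1035 §4.1.1); the AD bit (0x0020, RFC 4035) is
 * deliberately not consulted for truncated replies. */
#define DNS_FLAG_QR      0x8000u
#define DNS_OPCODE_MASK  0x7800u
#define DNS_FLAG_TC      0x0200u
#define DNS_FLAG_RD      0x0100u
#define DNS_FLAG_RA      0x0080u
#define DNS_HDR_LEN      12

/* Hypothetical status enumeration (FTL's own enum is not reproduced). */
enum dnssec_status {
    DNSSEC_UNKNOWN = 0,
    DNSSEC_SECURE,
    DNSSEC_INSECURE,
    DNSSEC_BOGUS,
    DNSSEC_TRUNCATED   /* TC=1: RRsets incomplete, nothing to validate yet */
};

struct dns_header {
    uint16_t id, flags, qdcount, ancount, nscount, arcount;
};

/* Constructed packets for the example (not captured traffic). */
static const uint8_t kQuery[] = {           /* "example.com A", RD=1 */
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01
};
static const uint8_t kTruncatedReply[] = {  /* QR TC RD RA AD set, no records */
    0x12, 0x34, 0x83, 0xA0, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Parse the fixed 12-byte header; -1 if the packet is too short. */
int parse_dns_header(const uint8_t *pkt, size_t len, struct dns_header *h)
{
    if (len < DNS_HDR_LEN) return -1;
    h->id = rd16(pkt);          h->flags = rd16(pkt + 2);
    h->qdcount = rd16(pkt + 4); h->ancount = rd16(pkt + 6);
    h->nscount = rd16(pkt + 8); h->arcount = rd16(pkt + 10);
    return 0;
}

/* Byte length of a single, uncompressed question; 0 if malformed. */
size_t question_len(const uint8_t *pkt, size_t len)
{
    size_t pos = DNS_HDR_LEN;
    for (;;) {
        if (pos >= len) return 0;
        uint8_t l = pkt[pos];
        if (l == 0) { pos++; break; }
        if (l & 0xC0) return 0;             /* compression pointer: reject */
        pos += 1 + l;
    }
    if (pos + 4 > len) return 0;            /* QTYPE + QCLASS must fit */
    return pos + 4 - DNS_HDR_LEN;
}

/* TC wins over any verdict: the validator never saw the full RRsets, and the
 * upstream AD bit on a truncated reply proves nothing about them. */
enum dnssec_status classify_reply(const struct dns_header *h,
                                  enum dnssec_status validator_verdict)
{
    if (!(h->flags & DNS_FLAG_QR)) return DNSSEC_UNKNOWN;   /* not a response */
    if (h->flags & DNS_FLAG_TC)    return DNSSEC_TRUNCATED;
    return validator_verdict;
}

/* Reply sent to the client when the upstream answer was truncated: same ID,
 * opcode and question, zero records, TC=1 so a compliant client retries the
 * query over TCP (RFC 1035 §4.2.1, RFC 7766 §5). Returns bytes written or -1. */
int build_tc_reply(const uint8_t *query, size_t qlen, uint8_t *out, size_t outlen)
{
    struct dns_header h;
    if (parse_dns_header(query, qlen, &h) < 0 || h.qdcount != 1) return -1;
    size_t ql = question_len(query, qlen);
    if (ql == 0 || outlen < DNS_HDR_LEN + ql) return -1;
    memcpy(out, query, DNS_HDR_LEN + ql);   /* ID and question copied verbatim */
    wr16(out + 2, (uint16_t)(DNS_FLAG_QR | DNS_FLAG_TC | DNS_FLAG_RA |
                             (h.flags & (DNS_OPCODE_MASK | DNS_FLAG_RD))));
    wr16(out + 6, 0); wr16(out + 8, 0); wr16(out + 10, 0);   /* no records */
    return (int)(DNS_HDR_LEN + ql);
}

/* The "display code" part: a name for each status, including the new one. */
const char *dnssec_status_name(enum dnssec_status s)
{
    static const char *names[] = { "UNKNOWN", "SECURE", "INSECURE", "BOGUS", "TRUNCATED" };
    return ((unsigned)s <= DNSSEC_TRUNCATED) ? names[s] : "INVALID";
}
```

Feeding kTruncatedReply to classify_reply() yields TRUNCATED even when a verdict of SECURE is passed in, and build_tc_reply() on kQuery yields a 29-byte reply with flags 0x8380 (QR, TC, RD, RA) and all record counts zero; a client that receives it will repeat the query over TCP, which is exactly the behaviour the PR description relies on.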

…ncated answer can't be validated. If this is an answer to a DNSSEC-generated query, we still need to get the client to retry over TCP, so we return an answer with the TC bit set, even if the actual answer fits into the buffer. All the other code is already there; just the display code needs an addition.

Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER requested a review from a team July 24, 2023 02:02

@yubiuser yubiuser (Member) left a comment

@DL6ER DL6ER merged commit 51872d1 into development-v6 Jul 24, 2023
@DL6ER DL6ER deleted the tweak/dnssec_truncated branch July 24, 2023 19:41
@DL6ER DL6ER (Member, Author) commented Jul 25, 2023

Pushed as d3f7681, pi-hole/docs@5027b84
