roles/named: Support managing TSIG keys

To support signing of updates, TSIG keys can be defined using the
`named_keys` variable. This variable takes a list of objects with the
following properties:

* `name`: The name of the key
* `algorithm`: The signature algorithm (default: `hmac-md5`)
* `secret`: The base64-encoded key material

roles/named/templates/named.secrets.j2

@@ -0,0 +1,8 @@
+// DNSSEC key configuration for ISC BIND
+{% for key in named_keys %}
+
+key {{ key.name }} {
+    algorithm {{ key.algorithm|d('hmac-md5') }};
+    secret "{{ key.secret }}";
+};
+{% endfor %}