4476236 dnssec: fix the key type with OpenDNSSEC 2.1

Authored and Committed by frenaud 3 years ago
    dnssec: fix the key type with OpenDNSSEC 2.1
    
    The database storing the keys with OpenDNSSEC 2.1 has a
    different schema from OpenDNSSEC 1.4, and the keytype
    (ZSK, KSK) is stored in a different table column: "role"
    instead of "keytype".
    
    With OpenDNSSEC 1.4, keytype can be 256 (ZSK) or 257 (KSK), while
    with OpenDNSSEC 2.1, role can be 1 (KSK) or 2 (ZSK).
    The schema migration can be seen in opendnssec source code:
    enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql
    
    INSERT INTO hsmKey
    SELECT DISTINCT REMOTE.keypairs.id, 1, REMOTE.keypairs.policy_id,
    REMOTE.keypairs.HSMkey_id, 2, REMOTE.keypairs.size,
    REMOTE.keypairs.algorithm,  (~(REMOTE.dnsseckeys.keytype)&1)+1,
    CASE WHEN REMOTE.keypairs.generate IS NOT NULL THEN
    	strftime('%s', REMOTE.keypairs.generate)
    	ELSE strftime("%s", "now") END,
    0,
    1, --only RSA supported
     REMOTE.securitymodules.name,
    0 --assume no backup
    FROM REMOTE.keypairs
    JOIN REMOTE.dnsseckeys
    	ON REMOTE.keypairs.id = REMOTE.dnsseckeys.keypair_id
    JOIN REMOTE.securitymodules
    	ON REMOTE.securitymodules.id = REMOTE.keypairs.securitymodule_id;
    
    and the schema for the table is defined in enforcer/src/db/kasp.sqlite:
    CREATE TABLE HsmKey (
        locator VARCHAR(255) NOT NULL,
        candidate_for_sharing TINYINT UNSIGNED DEFAULT 0,
        bits INT UNSIGNED DEFAULT 2048,
        policy VARCHAR(255) DEFAULT 'default',
        algorithm INT UNSIGNED DEFAULT 1,
        role VARCHAR(3) DEFAULT 'ZSK',
        inception INT UNSIGNED,
        isrevoked TINYINT UNSIGNED DEFAULT 0,
        key_type VARCHAR(255),
        repository VARCHAR(255),
        backmeup TINYINT UNSIGNED DEFAULT 0,
        backedup TINYINT UNSIGNED DEFAULT 0,
        requirebackup TINYINT UNSIGNED DEFAULT 0,
        id INTEGER PRIMARY KEY AUTOINCREMENT
    );
    
    Fixes: https://pagure.io/freeipa/issue/8647
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+3 -3
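The commit message above states the two encodings a consumer has to cope with (OpenDNSSEC 1.4 `keytype` 256/257 versus OpenDNSSEC 2.1 `role` 1/2) and quotes the upstream migration expression `(~(REMOTE.dnsseckeys.keytype)&1)+1`. The following is an added example, not code from FreeIPA or OpenDNSSEC: it checks that expression both in Python and inside SQLite on a constructed `dnsseckeys` table, and shows a reader that accepts a row from either schema. The 256/257 values are the DNSKEY flags field (zone key bit set, with 257 additionally carrying the SEP bit), so the migration only has to look at the lowest bit; the helper names and the constructed table are this example's own.

```python
"""Added example (not FreeIPA or OpenDNSSEC code): map OpenDNSSEC 1.4 keytype
values onto the OpenDNSSEC 2.1 role column and read a key row from either
schema without confusing KSK and ZSK."""
import sqlite3

# Values as described in the commit message.
KEYTYPE_ZSK_14 = 256   # OpenDNSSEC 1.4: dnsseckeys.keytype for a ZSK (DNSKEY flags, no SEP)
KEYTYPE_KSK_14 = 257   # OpenDNSSEC 1.4: dnsseckeys.keytype for a KSK (DNSKEY flags, SEP set)
ROLE_KSK_21 = 1        # OpenDNSSEC 2.1: hsmKey.role for a KSK
ROLE_ZSK_21 = 2        # OpenDNSSEC 2.1: hsmKey.role for a ZSK


def keytype_to_role(keytype):
    """Python form of the upstream migration expression (~(keytype)&1)+1.

    Only the lowest bit of the DNSKEY flags (the SEP bit) matters:
    257 -> ~257 has bit 0 clear -> 0 + 1 = 1 (KSK)
    256 -> ~256 has bit 0 set   -> 1 + 1 = 2 (ZSK)
    """
    return ((~keytype) & 1) + 1


def role_name(role):
    """Human-readable label for a 2.1 role value; rejects anything else."""
    names = {ROLE_KSK_21: "KSK", ROLE_ZSK_21: "ZSK"}
    if role not in names:
        raise ValueError("unknown OpenDNSSEC 2.1 role value: %r" % (role,))
    return names[role]


def is_ksk(row):
    """Decide KSK vs ZSK for a row from either schema.

    A 2.1 row carries 'role', a 1.4 row carries 'keytype'; reading the wrong
    column (the defect the commit fixes) would misclassify every key.
    """
    if "role" in row:
        return int(row["role"]) == ROLE_KSK_21
    if "keytype" in row:
        return int(row["keytype"]) == KEYTYPE_KSK_14
    raise KeyError("row has neither 'role' (2.1) nor 'keytype' (1.4)")


def migrate_roles_sqlite(keytypes):
    """Run the migration expression in SQLite itself on a constructed table.

    Returns the role values in keypair_id order so the SQL result can be
    compared with keytype_to_role().
    """
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE dnsseckeys (keypair_id INTEGER, keytype INTEGER)")
        # Constructed sample rows: keypair ids 1..n with the given 1.4 keytypes.
        con.executemany("INSERT INTO dnsseckeys VALUES (?, ?)",
                        list(enumerate(keytypes, start=1)))
        rows = con.execute(
            "SELECT keypair_id, (~(keytype)&1)+1 AS role "
            "FROM dnsseckeys ORDER BY keypair_id").fetchall()
    finally:
        con.close()
    return [role for _, role in rows]


if __name__ == "__main__":
    sample = [KEYTYPE_ZSK_14, KEYTYPE_KSK_14, KEYTYPE_ZSK_14]
    for kt, role in zip(sample, migrate_roles_sqlite(sample)):
        print("keytype %d -> role %d (%s)" % (kt, role, role_name(role)))
```

Running the module prints one line per constructed key showing the 1.4 keytype, the 2.1 role SQLite computed for it, and the label; `is_ksk` is the shape of check a consumer needs once both schemas can appear in the field.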