DEFAULT policy: Drop DH < 2048 bits, TLS 1.0, 1.1, SHA-1
    
    make the NEXT policy just an alias for DEFAULT as they are now identical
    policies: introduce sha1_in_dnssec value for BIND
    add SHA1 and FEDORA32 policy modules to provide backwards compatibility
      they can be applied as DEFAULT:SHA1 or DEFAULT:FEDORA32
    avoid duplicates of list items in resulting policy