DEFAULT policy: Drop DH < 2048 bits, TLS 1.0, 1.1, SHA-1
make the NEXT policy just an alias for DEFAULT as they are now identical
policies: introduce sha1_in_dnssec value for BIND
add SHA1 and FEDORA32 policy modules to provide backwards compatibility
they can be applied as DEFAULT:SHA1 or DEFAULT:FEDORA32
avoid duplicates of list items in resulting policy