🐞 "_acme-challenge" subdomains have special NS records

This is a bug fix to the previous release, which didn't delegate the subdomains properly.

Technical details:

When querying for a record with _acme-challenge. and an embedded IP address, we mistakenly responded with an answer with the authoritative flag set and the SOA record in the Authorities section. But that was wrong: we should NOT have set the authoritative flag, and we should have included the NS record, not the SOA record, in the Authorities section.

Additional Notes

Although it may seem incongruous to bump a major version for a bug fix, in this case it's appropriate, for it reflects a major re-write of the code (which had become too rigid to accommodate our requirements). We've also included a fairly rigorous set of integration tests, and deprectated some of the baroque and overly-complex unit tests.