dns: add edns0 and trust-ad options when using local resolver

EDNS(0) is not enabled by default in glibc because the option has interoperability issues with some DNS servers. dnsmasq and systemd-resolved don't have such problems.

Enable the option automatically when using a local resolver so that the data provided via EDNS(0) (e.g. SSH fingerprints or DNSSEC information) is available to applications.

While at it, also enable 'trust-ad', as otherwise glibc (from version 2.31) strips the AD bit from responses [1].

systemd-resolved also adds both flags to resolv.conf when using the stub resolver [2].

