when suggesting CAA records for a domain, suggest variants that bind to the account id and with validation methods used by mox

Should prevent potential MITM attacks, especially when done close to the
machine itself (where an HTTP/TLS challenge is intercepted to get a valid
certificate), as seen on the internet last month.
Mechiel Lukkien
2023-12-21 15:16:30 +01:00
parent ca97293cb2
commit db3fef4981
11 changed files with 123 additions and 28 deletions


@ -25,7 +25,7 @@ sed -i -e 's/moxtest1@mox1.example: nil/moxtest1@mox1.example: nil\n\t\t\tpostfi
(
cat /integration/example.zone;
sed -n '/^;/,/CAA /p' output.txt |
sed -n '/^;/,/will be suggested/p' output.txt |
# allow sending from postfix for mox1.example.
sed 's/mox1.example. *TXT "v=spf1 mx ~all"/mox1.example. TXT "v=spf1 mx ip4:172.28.1.70 ~all"/'
) >/integration/example-integration.zone
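Review bot: the new range end `/will be suggested/` in `sed -n '/^;/,/will be suggested/p' output.txt |` ties the integration zone file to a human-readable phrase in mox's output; if that wording ever changes, sed silently prints through end of file (or stops early), and the zone file contains more or less than intended without any error. Consider having the script fail when the marker is missing, e.g. `grep -q 'will be suggested' output.txt || exit 1` before the sed, or anchoring on a more stable line such as the last CAA record itself. Also note that sed's range prints the terminating line too, so the "will be suggested" line ends up inside example-integration.zone; that is only safe if it is a `;` comment line in the output.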


@ -23,7 +23,8 @@ TLS:
EOF
# A fresh file was set up by moxacmepebble.
sed -n '/^;/,/CAA /p' output.txt >>/integration/example-integration.zone
sed -n '/^;/,/will be suggested/p' output.txt >>/integration/example-integration.zone
unbound-control -s 172.28.1.30 reload # reload unbound with zone file changes
mox -checkconsistency serve &
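Review bot: same marker dependency as in the other script: `sed -n '/^;/,/will be suggested/p' output.txt >>/integration/example-integration.zone` appends everything from the first `;` line through the "will be suggested" line, so a wording change in the CAA suggestion output changes the zone file silently, and the appended terminating line must itself be a zone-file comment or unbound will reject the zone. Since this is the second copy of the same extraction, a small shared helper (or a single grep for the marker that exits non-zero when absent) would keep both scripts in step. The following `unbound-control -s 172.28.1.30 reload` does not check its exit status, so a bad zone file would only surface later as a failing ACME validation rather than here.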