[1611] added a note about how to identify whether zone is signed with NSEC(3)

in the database zone finder.  right now it's a TODO and the current
implementation is a kind of workaround.

src/lib/datasrc/database.cc

@@ -704,6 +704,9 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
     // For wildcard case with DNSSEC required, the caller would need to know
     // whether it's NSEC or NSEC3 signed.  So we need to do an additional
     // search here, even though the NSEC RR may not be returned.
+    // TODO: this part should be revised when we support NSEC3; ideally we
+    // should use more effective and efficient way to identify (whether and)
+    // in which way the zone is signed.
     if (wild && (options & FIND_DNSSEC) != 0 &&
         found.second.find(RRType::NSEC()) != found.second.end()) {
         flags = flags | RESULT_NSEC_SIGNED;