feat: Add BIND 9.20 forwarders configuration support

- Update forwarders template with enhanced functionality
- Add molecule test cases for forwarders validation
- Update options and zone templates for compatibility

molecule/default/verify.yml

@@ -0,0 +1,21 @@
+---
+- name: Verify forwarders configuration
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Read named.conf.options
+      ansible.builtin.slurp:
+        src: /etc/bind/named.conf.options
+      register: forwarders_file
+
+    - name: Assert forwarders render with port and tls
+      ansible.builtin.assert:
+        that:
+          - forwarders_content is search('forwarders port 853 tls common-upstream \{')
+          - forwarders_content is search('192.0.2.10 port 5353 tls leaf-a;')
+          - forwarders_content is search('2001:db8::10 tls dual-stack;')
+          - forwarders_content is search('198.51.100.10 tls dual-stack;')
+          - forwarders_content is search('203.0.113.10;')
+        fail_msg: "Forwarders block missing expected port/tls entries"
+      vars:
+        forwarders_content: "{{ forwarders_file.content | b64decode }}"