added a flag allow_lookup_failure to CAA check parameters

[sciros]

This pull request introduces support for handling DNS lookup failures during CAA checks, in accordance with updated Baseline Requirements, and improves error handling and test coverage for the CAA checking logic. It also bumps the API specification and package version. The main changes are grouped below.

CAA Lookup Failure Handling and Error Management:

• Added allow_lookup_failure boolean parameter to CaaCheckParameters, enabling certain DNS lookup failures (e.g., timeouts, no nameservers) to be treated as valid for certificate issuance when explicitly allowed. [1] [2]
• Refactored error handling in check_caa and find_caa_records_and_domain to distinguish between error types, log errors, and allow issuance for specific DNS failures if permitted by parameters. (F58c2971L57R57, [1] [2]

Testing Enhancements:

• Added and updated unit tests to cover new logic for allow_lookup_failure, including parametrized tests for different DNS error types and validation of error messages in responses. [1] [2]
• Improved test coverage for default CAA domains and error scenarios, ensuring correct behavior for both allowed and disallowed lookup failures. [1] [2]

Version Updates:

• Bumped spec_version in pyproject.toml from 3.5.0 to 3.6.0 to reflect API changes.
• Updated package version in __about__.py from 6.0.0 to 6.1.0.

[birgelee]

Looks good