Add an SPF record for the listserv

Recently, Gmail has started to rate-limit deliveries from our
mailing list server, with this message:

    SMTP error from remote mail server after end of data: This mail
    has been rate limited because it is unauthenticated. Gmail
    requires all senders to authenticate with either SPF or DKIM.

According to https://support.google.com/mail/answer/81126 also:

    Starting February 2024, Gmail will require the following for
    senders who send 5,000 or more messages a day to Gmail accounts:
    Authenticate outgoing email, avoid sending unwanted or
    unsolicited email, and make it easy for recipients to
    unsubscribe.

In order not to place undue additional load on our MTA's deferral
queue, adding a neutral SPF rule is nicer than unsubscribing and
blocking all Gmail users. A simple "a" rule should suffice, since we
don't relay through any smarthost currently. Set the TTL to 5
minutes for now, in case we need to make rapid adjustments to this
policy in the near future.

Change-Id: I388de615035156bc277ff1e1b11ac2bc0346cb27

zones/zuul-ci.org/zone.db

@@ -2,7 +2,7 @@
 $ORIGIN zuul-ci.org.
 $TTL 1h
 @		IN	SOA	adns02.opendev.org. hostmaster.openstack.org. (
-			1700006781  ; serial number unixtime
+			1701787210  ; serial number unixtime
 			1h          ; refresh (secondary checks for updates)
 			10m         ; retry   (secondary retries failed axfr)
 			10d         ; expire  (secondary ends serving old data)
@@ -19,6 +19,7 @@ ns2		IN	AAAA	2604:e100:1:0:f816:3eff:fe53:ee69
 ; We use address records for lists01.opendev.org here instead of a CNAME
 lists		IN	A	162.209.78.70
 lists		IN	AAAA	2001:4800:7813:516:be76:4eff:fe04:5423
+lists	300	IN	TXT	"v=spf1 a ?all"
 _acme-challenge.lists	IN	CNAME	acme.opendev.org.
 www		IN	CNAME	static.opendev.org.
 git		IN	CNAME	static.opendev.org.