Support sending validation request to PrivateDnsConfiguration

Extend PrivateDnsConfiguration to support validation request.

The request is deniable. If the request is denied, no validation
starts. Callers can know if requests are accepted by the return
value of the call.

This change also extends DnsTlsServer to store the mark used by
validation, which helps on preventing running validation with
an unexpected socket mark and resulting in updating wrong validation
state.

Bug: 79727473
Test: cd packages/modules/DnsResolver && atest
Change-Id: Ib92f6b4dd94ed426bf28cb9756d1514e34f16140