Get trust anchor via unbound-checkconf(8)

This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether exists.

Use that to generate it rather than a best-effort grep/hardcoded path.

OK sthen

etc/rc.d/unbound

@@ -1,6 +1,6 @@
 #!/bin/ksh
 #
-# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $
+# $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $
 
 daemon="/usr/sbin/unbound"
 daemon_flags="-c /var/unbound/etc/unbound.conf"
@@ -8,8 +8,9 @@ daemon_flags="-c /var/unbound/etc/unbound.conf"
 . /etc/rc.d/rc.subr
 
 rc_pre() {
-	if grep '^[[:space:]]*auto-trust-anchor-file:' \
-            /var/unbound/etc/unbound.conf > /dev/null 2>&1; then
+	local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file)
+
+	if [[ -n $_anchor && ! -f $_anchor ]]; then
 		/usr/sbin/unbound-anchor -v
 	fi