Fail if multiple DMARC records are present

[adhilto]

🗣 Description

Make it so that the SCuBA Gmail policies relating to DMARC and SPF will fail if multiple DMARC records are returned.

I also tweaked the DNS table formatting so that it's a little easier to see when a query returns multiple DNS records.

💭 Motivation and context

Closes #849

🧪 Testing

• Updated the unit tests so that multiple DMARC records are returned in some cases. Those cases are now appropriately handled and the existing test cases still pass.
• I added a new domain to our test tenant and configured it with multiple DMARC records

Reviewers should:

• Review code changes to ensure changes look correct
• Verify that the unit tests are passing
• Run ScubaGoggles manually to verify that the new domain I added for testing is failing and that the other domains are unaffected by this change.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• If applicable, All future TODOs are captured in issues, which are referenced in the PR description.
• The relevant issues PR resolves are linked preferably via closing keywords.
• All relevant type-of-change labels have been added.
• I have read and agree to the CONTRIBUTING.md document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• Tests have been added and/or modified to cover the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge Checklist

• This PR has been smoke tested to ensure main is in a functional state when this PR is merged.
• Squash all commits into one PR level commit using the Squash and merge button.

✅ Post-merge Checklist

• Delete the branch to clean up.
• Close issues resolved by this PR if the closing keywords did not activate.

[mitchelbaker-cisa]

Looks good, tested with an additional domain that had two DMARC records. Gmail 4.1-4.4 collectively fail if two DMARC records are set, pass if one DMARC record is set with all required fields.

One addition I think would be helpful is clarifying text in the report details column to indicate a domain is failing because two records are set. E.g., "2 DMARC records are set for somedomain.com. See DMARC table below for more details."

[mitchelbaker-cisa]

Tested SPF updates as well, fails for two SPF records and passes when one field is correctly set.

[adhilto]

Looks good, tested with an additional domain that had two DMARC records. Gmail 4.1-4.4 collectively fail if two DMARC records are set, pass if one DMARC record is set with all required fields.

One addition I think would be helpful is clarifying text in the report details column to indicate a domain is failing because two records are set. E.g., "2 DMARC records are set for somedomain.com. See DMARC table below for more details."

I just added this for DMARC:

I'll defer the SPF one for the issue we have for improving the report details for SPF.