HEDNS: TXT updates reset and remove API key for entries #4085
Description
Describe the bug
When modifying the value of TXT entries which have an API token associated with them, the token gets removed, thus breaking the entry for clients which had the token configured in them.
A common use case is records for ACME challenges. That involves setting the key manually, since the HEDNS provider does not expose API token manipulation to the DSL. However, after the entry gets updated by a client while issuing a certificate, the value stays, and the next dnscontrol apply shows a diff that says the value will be reset (which is fine since the cert most likely had already been issued).
However, besides resetting the TXT value itself, it also kills the token. Which is a bug.
I am aware IGNORE() exists, however, I believe that modifying an entry with dnscontrol should preserve its other properties that it isn't capable of managing.
To Reproduce
Steps to reproduce the behavior:
- Create a record and mark it as dynamic manually in the Web panel (sad noises)
- Set a key for the entry manually in the Web panel (:/)
- Define the entry for dnscontrol, TXT("_acme-challenge.test.subdomain", "", TTL(300))
- Run dnscontrol apply - no changes pending, all good
- Have an ACME client use the entry and not clean up after itself (which is quite common)
- Run dnscontrol apply:
...
2 corrections (hedns)
#1: ± MODIFY _acme-challenge.test.subdomain.example.com TXT ("a11yqD7I6p0-Z4OH-sp20UkrJs-ORyeo-JjJ5-L0alU" ttl=300) -> ("" ttl=300)
...
- Observe broken entry
Here, the updated entry lost its "dynamic" status and the associated key.
Expected behavior
TXT value is reset; dynamic status for the entry remains and the key is not changed.
DNS Provider
- HEDNS