Goal: 

Integrate gophercloud to query the Designate API for two critical operations: (1) verify whether a pool contains active DNS zones before allowing pool removal, and (2) retrieve TSIG keys for multipool authentication configuration. This enables safe pool lifecycle management and automated TSIG secret generation.

Acceptance Criteria:

Zone Validation:

  - Verify gophercloud client initialization follows openstack-k8s-operators patterns
  - Verify function queries Designate zones API for zones associated with a specific pool ID
  - Verify pool removal (orphaned StatefulSet) is blocked when active zones exist in that pool
  - Verify API errors are handled gracefully with appropriate logging and status conditions

TSIG Key Querying (Custom Implementation):

  - Verify TSIG keys can be listed and filtered by pool resource_id (UUID)

  - Verify TSIG keys are being managed in a fully automated way in migrations (single pool to multipool and vice versa)
  - Verify TSIG key details (name, algorithm, secret) are extracted correctly
  - Verify error handling for missing TSIG keys or API failures