Prohibit some RDAP domain and nameserver lookups by nameserver name

We had been allowing lookups by nameserver name using a wildcard and suffix if the suffix was a domain name. That's ok if the domain name is one we manage, but doesn't work efficiently otherwise. A lookup of ns*.zombo.com would require us to search for all nameservers beginning with ns (which could be almost all of them), then loop through until we found those ending with .zombo.com. So we are going to prohibit suffixes after the TLD unless the suffix is an in-bailiwick domain.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=168835732

javatests/google/registry/rdap/RdapNameserverSearchActionTest.java

@@ -239,10 +239,13 @@ public class RdapNameserverSearchActionTest {
   }
 
   @Test
-  public void testNonexistentDomainSuffix_notFound() throws Exception {
+  public void testNonexistentDomainSuffix_unprocessable() throws Exception {
     assertThat(generateActualJsonWithName("exam*.foo.bar"))
-        .isEqualTo(generateExpectedJson("No nameservers found", "rdap_error_404.json"));
-    assertThat(response.getStatus()).isEqualTo(404);
+        .isEqualTo(
+            generateExpectedJson(
+                "A suffix after a wildcard in a nameserver lookup must be an in-bailiwick domain",
+                "rdap_error_422.json"));
+    assertThat(response.getStatus()).isEqualTo(422);
   }
 
   @Test