When Vultr's API returns "Duplicate records are not allowed" on
DomainRecord.Create, find the existing record by name+type and update
it instead of failing. This prevents ACME certificate issuance from
breaking when stale _acme-challenge TXT records survive a Caddy
restart.
Also fix record lookup in removeDNSRecord and updateDNSRecord to
match by name+type+data instead of name-only or data-only, avoiding
deletion of the wrong record when multiple records share the same
name (common with _acme-challenge across LE and ZeroSSL issuers).
Use comma-ok type assertions throughout to prevent panics if the
record type invariant is ever broken. Extract the Vultr error
string to a named constant. Document the mutex contract.
