Add support for fallthrough to the grpc plugin (#7359)

Fixes: https://github.com/coredns/coredns/issues/7358

Signed-off-by: Blake Barnett <bbarnett@groq.com>

plugin/grpc/README.md

@@ -33,6 +33,7 @@ grpc FROM TO... {
     tls CERT KEY CA
     tls_servername NAME
     policy random|round_robin|sequential
+    fallthrough [ZONES...]
 }
 ~~~
 
@@ -54,6 +55,12 @@ grpc FROM TO... {
   but they have to use the same `tls_servername`. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1
   (Cloudflare) will not work.
 * `policy` specifies the policy to use for selecting upstream servers. The default is `random`.
+* `fallthrough` **[ZONES...]** If a query results in NXDOMAIN from the gRPC backend, pass the request
+  to the next plugin instead of returning the NXDOMAIN response. This is useful when the gRPC backend
+  is authoritative for a zone but should not return authoritative NXDOMAIN responses for queries that
+  don't actually belong to that zone (e.g., search path queries). If **[ZONES...]** is omitted, then
+  fallthrough happens for all zones. If specific zones are listed, then only queries for those zones
+  will be subject to fallthrough.
 
 Also note the TLS config is "global" for the whole grpc proxy if you need a different
 `tls-name` for different upstreams you're out of luck.
@@ -137,6 +144,17 @@ Forward requests to a local upstream listening on a Unix domain socket.
 }
 ~~~
 
+Proxy requests for `example.org.` to a gRPC backend, but fallthrough to the next plugin for NXDOMAIN responses to handle search path queries correctly.
+
+~~~ corefile
+example.org {
+    grpc . 127.0.0.1:9005 {
+        fallthrough
+    }
+    forward . 8.8.8.8
+}
+~~~
+
 ## Bugs
 
 The TLS config is global for the whole grpc proxy if you need a different `tls_servername` for