ike-sa-manager: Fix races when changing initiator SPI of an IKE_SA

ike-sa-manager: Fix races when changing initiator SPI of an IKE_SA

Removing and readding the entry to a potentially different row/segment,
while driving out waiting and new threads, could prevent threads from
acquiring the SA even if they were waiting to check it out by unique
ID (which doesn't change), or if they were just trying to enumerate it.
With this change the row and segment doesn't change anymore and waiting
threads may acquire the SA. However, those looking for an IKE_SA by SPIs
might get one back that has a different SPI (but that's probably not
something that happens very often this early).

This was noticed because we check out SAs by unique ID in the Android
app to terminate them after failed retransmits if we are not reestablishing
the SA (otherwise we continue), and this sometimes failed.

Fixes: eaedcf8c0054 ("ike-sa-manager: Add method to change the initiator SPI of an IKE_SA")