kernel-netlink: Allow reqid updates for policies again

kernel-netlink: Allow reqid updates for policies again

This was originally added with 1551d8b13d14 ("kernel-netlink: reject
policy refcount if the reqid differs").  Since then we added code to
allocate constant reqids for the same TS, which pretty much avoids the
previous issues.

However, the reqid might have to be changed due to MOBIKE updates. And
because reqids are allocated for a complete set of traffic selectors and
not individual pairs, this can create a problem with drop policies as
those will use the old reqid (they are installed with the same priority,
reqid etc. to replace the actual IPsec policies), while unmodified
replacement policies will use the new one.  A similar issue exists for
CHILD_SAs with SELinux contexts as those all use duplicate policies (same
generic label) but can't all be updated concurrently.