layers/ipsec: fix iv handling in special modes

There is a distinction to be made between the IV generated using
CryptAlgo.generate_iv and the IV given as argument to the cipher mode in
CryptAlgo.new_cipher.

The first one is a random string which is sent with the ESP packet (first
bytes of the data field). The cipher mode only affects the size of the
string in our implementation (some modes like GCM may implement a
counter instead of pure random).

And the second is a combination of the salt, the ESP IV and possibly other
things. This can vary a lot depending on the mode.

Add an attribute to CryptAlgo to give a function computing this "second"
IV based on SA information.

Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
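
The distinction the commit message draws, as an added example that is not part of the commit or the project's code: the IV carried in the ESP data field is turned into the IV handed to the cipher mode by a per-algorithm function. The `SA`, `Algo`, `ALGOS` and `cipher_iv` names are hypothetical, the layouts follow RFC 3602 (CBC), RFC 4106 (GCM) and RFC 3686 (CTR), and the sample packet is constructed.

```python
import struct
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class SA:
    """Hypothetical SA record holding only the fields needed here."""
    algo: str
    salt: bytes = b""  # trailing bytes of the keying material (GCM/CTR only)


@dataclass(frozen=True)
class Algo:
    """Hypothetical algorithm entry; mode_iv plays the role of the new attribute."""
    wire_iv_len: int                       # IV bytes carried in the ESP data field
    salt_len: int                          # salt bytes expected in the SA
    mode_iv: Callable[[SA, bytes], bytes]  # builds the IV given to the cipher mode


ALGOS = {
    # AES-CBC (RFC 3602): the wire IV is used directly as the cipher IV.
    "AES-CBC": Algo(16, 0, lambda sa, iv: iv),
    # AES-GCM (RFC 4106): 12-byte nonce = salt(4) || wire IV(8).
    "AES-GCM": Algo(8, 4, lambda sa, iv: sa.salt + iv),
    # AES-CTR (RFC 3686): counter block = nonce(4) || wire IV(8) || counter(4) = 1.
    "AES-CTR": Algo(8, 4, lambda sa, iv: sa.salt + iv + struct.pack("!I", 1)),
}


def cipher_iv(sa: SA, esp: bytes) -> bytes:
    """Return the IV to pass to the cipher mode for one raw ESP packet."""
    algo = ALGOS[sa.algo]
    if len(sa.salt) != algo.salt_len:
        raise ValueError("salt length does not match the algorithm")
    # ESP header is SPI (4 bytes) + sequence number (4 bytes); the wire IV follows.
    data = esp[8:]
    if len(data) < algo.wire_iv_len:
        raise ValueError("ESP data field shorter than the IV")
    return algo.mode_iv(sa, data[:algo.wire_iv_len])


# Constructed sample packet: SPI 0x222, seq 1, IV bytes 0x00..0x0f, dummy ciphertext.
SAMPLE = struct.pack("!II", 0x222, 1) + bytes(range(16)) + b"\xaa" * 32
```

The same wire bytes yield a 16-byte IV for CBC, a 12-byte nonce for GCM and a 16-byte counter block for CTR, which is why a single IV value cannot serve both roles.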