ipsec: T1210: add "unique" option to specify how to handle multiple connections

Connection uniqueness policy to enforce. To avoid multiple connections from the
same user, a uniqueness policy can be enforced.

• never: never enforce such a policy, even if a peer included INITIAL_CONTACT notification
• keep: reject new connection attempts if the same user already has an active connection
• replace: delete any existing connection if a new one for the same user gets established

To compare connections for uniqueness, the remote IKE identity is used. If EAP
or XAuth authentication is involved, the EAP-Identity or XAuth username is used
to enforce the uniqueness policy instead.