GP server may send only a Legacy IP client address, but both Legacy and IPv6 magic addresses for ESP

In this corner case, we need to use the Legacy IP magic address. The
inverse corner case would be if the server sends ESP ping magic addresses of
both types, but only sends an IPv6 client address; we were already handling
that one correctly, because we had observed that GlobalProtect servers
require the client to use the IPv6 magic ping address if they want to send
both IPv6 and Legacy IP traffic.

The easiest and most straightforward way to handle all these cases robustly
is simply to save both versions of the ESP magic address, just as we save
both versions of the client address, until after we have parsed the whole
config. At that point we decide which ESP magic address should be used.

See logs attached to
https://lists.infradead.org/pipermail/openconnect-devel/2024-July/005447.html
for an example of this:
POST https://vpnhost.example.com/ssl-vpn/getconfig.esp
…
< <gw-address>REDACTEDIPV4ADDRESS7</gw-address>
< <gw-address-v6>REDACTEDIPV6ADDRESS7</gw-address-v6>
< <ipv6-connection>no</ipv6-connection>
< <ip-address>REDACTEDIPV4ADDRESS0</ip-address>
< <netmask>255.255.255.255</netmask>
…
< <ipsec>…</ipsec>
Did not receive ESP keys and matching gateway in GlobalProtect config; tunnel will be TLS only.
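The save-both-then-decide approach described in the commit message, as an added illustration that is not OpenConnect's own code: it collects `<gw-address>`, `<gw-address-v6>` and the client addresses from the whole config before choosing the ESP magic address, so the logged corner case (both magic addresses, Legacy IP client address only) yields the Legacy IP magic address. The `<ip-address-v6>` element name for the IPv6 client address is an assumption not shown in the log above, and all addresses in the sample are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

/* Collected while parsing the whole getconfig.esp response; "" means not sent. */
struct gp_cfg {
    char esp_magic_v4[64];  /* <gw-address>: Legacy IP ESP magic address */
    char esp_magic_v6[64];  /* <gw-address-v6>: IPv6 ESP magic address */
    char client_v4[64];     /* <ip-address>: Legacy IP client address */
    char client_v6[64];     /* <ip-address-v6>: IPv6 client address (element name assumed) */
};
/* Copy the text between <tag> and </tag> on one line into out[64]; returns 1 on a match. */
static int xml_text(const char *line, const char *tag, char *out)
{
    char open[32], close[32];
    snprintf(open, sizeof open, "<%s>", tag);
    snprintf(close, sizeof close, "</%s>", tag);
    const char *s = strstr(line, open), *e;
    if (!s || !(e = strstr(s += strlen(open), close)) || e - s >= 64) return 0;
    memcpy(out, s, e - s);
    out[e - s] = '\0';
    return 1;
}
/* Save both versions of each address; decide nothing until the config is complete. */
void parse_gp_cfg(const char *const *lines, int n, struct gp_cfg *c)
{
    memset(c, 0, sizeof *c);
    for (int i = 0; i < n; i++) {
        xml_text(lines[i], "gw-address", c->esp_magic_v4);
        xml_text(lines[i], "gw-address-v6", c->esp_magic_v6);
        xml_text(lines[i], "ip-address", c->client_v4);
        xml_text(lines[i], "ip-address-v6", c->client_v6);
    }
}
/* Decided after parsing: the magic address to probe over ESP, or NULL for TLS only. */
const char *choose_esp_magic(const struct gp_cfg *c)
{
    /* Servers require the IPv6 magic address whenever the client was given an IPv6 address. */
    if (c->client_v6[0] && c->esp_magic_v6[0])
        return c->esp_magic_v6;
    /* The corner case from the log: both magic addresses, only a Legacy IP client address. */
    if (c->client_v4[0] && c->esp_magic_v4[0])
        return c->esp_magic_v4;
    return NULL;
}
/* Constructed lines mirroring the redacted log above (placeholder addresses). */
static const char *const sample_cfg[] = {
    "< <gw-address>192.0.2.7</gw-address>",
    "< <gw-address-v6>2001:db8::7</gw-address-v6>",
    "< <ip-address>192.0.2.10</ip-address>",
};
```

Running `parse_gp_cfg(sample_cfg, 3, &c)` followed by `choose_esp_magic(&c)` returns the Legacy IP magic address for the logged case, and the IPv6 one when only an `<ip-address-v6>` client address is present.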