OpenBSD/src 0xl3lsR sbin/iked ikev2.c

   Don't send informational responses before we're having the key material.

   iked starts sending keepalive messages after authentication and after
   successfully completing the handshake.  Other implementations, like
   we've seen on Microsoft Azure, start sending keepalive messages right
   after receiving the first SA_INIT message when they set up the key
   material, even before we received the SA_INIT response to complete the
   DH exchange.  The solution is to ignore early keepalive messages
   before we're ready to encrypt our response, in the transition between
   SA_INIT and AUTH.  The peer should still accept one or more missed
   keepalives.

   OK mikeb@
Version  Delta   File
1.151    +3 -2   sbin/iked/ikev2.c
         +3 -2   1 files
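
The behaviour the commit message describes, as an added sketch that is not iked's code or part of this commit: an initiator stays silent on INFORMATIONAL messages until the SA_INIT response has given it keys. The state names, structs and functions are hypothetical, and answering as soon as keys exist is an assumption, since the page does not show where ikev2.c draws the line.

```c
#include <stddef.h>
#include <stdint.h>
/* IKEv2 exchange types (RFC 7296, section 3.1). */
enum { IKE_SA_INIT = 34, IKE_AUTH = 35, INFORMATIONAL = 37 };
/* Hypothetical SA progress states for this sketch, in handshake order. */
enum sa_state { SA_INIT_SENT, SA_KEYS_READY, SA_ESTABLISHED };
enum action { ACT_DROP, ACT_PROCESS, ACT_RESPOND };
struct sa { enum sa_state state; unsigned early_dropped; };
struct msg { uint8_t exchange; int is_response; };

/* Decide what an initiator does with one inbound message. */
enum action sa_recv(struct sa *sa, const struct msg *m)
{
	switch (m->exchange) {
	case IKE_SA_INIT:	/* response completes DH: keys exist from here on */
		if (!m->is_response || sa->state != SA_INIT_SENT)
			return ACT_DROP;
		sa->state = SA_KEYS_READY;
		return ACT_PROCESS;
	case IKE_AUTH:
		if (!m->is_response || sa->state != SA_KEYS_READY)
			return ACT_DROP;
		sa->state = SA_ESTABLISHED;
		return ACT_PROCESS;
	case INFORMATIONAL:
		/* No keys yet: a reply could not be encrypted, so stay silent. */
		if (sa->state < SA_KEYS_READY) {
			sa->early_dropped++;
			return ACT_DROP;
		}
		return m->is_response ? ACT_PROCESS : ACT_RESPOND;
	default:	return ACT_DROP;
	}
}

/* Constructed sequence: two early keepalives, then the normal handshake. */
static const struct msg demo[] = {
	{ INFORMATIONAL, 0 }, { INFORMATIONAL, 0 }, { IKE_SA_INIT, 1 },
	{ INFORMATIONAL, 0 }, { IKE_AUTH, 1 }, { INFORMATIONAL, 0 },
};

/* Replay the sequence and return how many replies we would have sent. */
unsigned replay_demo(struct sa *sa)
{
	unsigned replies = 0;
	for (size_t i = 0; i < sizeof(demo) / sizeof(demo[0]); i++)
		replies += sa_recv(sa, &demo[i]) == ACT_RESPOND;
	return replies;
}
```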
