api: Don't nest TLS sessions

According to the NBD protocol, a client should not send a second
NBD_OPT_STARTTLS request after one succeeds; but we allow this for
corner-case testing of server response.  If the server doesn't
actually reject the nested request, move the connection to DEAD
because we don't support it.

Fixes: 53617c92 ("api: Add nbd_aio_]opt_starttls")