Rework the sec-mod instance <-> worker association
I am adding this issue to the backlog to track the potential fix/improvement that could be made to the "sec-mod instances" and "workers" association mentioned by @nmav in this comment. Feel free to rephrase if something is unclear/inaccurate. This is an opportunity to brainstorm a solution.
Description of problem:
Load-balancing of clients among sec-mod instances is done via the client source IP. When a client reconnects (with that same source IP), this allows the client to be redirected to the right sec-mod instance, the one containing all information about the user/session.
The main drawback of doing the load-balancing via the source IP is that users behind the same public IP (i.e. NAT, which could be more or less frequent) will be mapped to the same sec-mod instance, resulting in uneven load-balancing across sec-mod instances.
One attempt has been to do the load-balancing according to the source IP AND the source port used; however, this caused other problems for user reconnection: as clients always use a different source port, they were mapped to a sec-mod instance different from the one that initiated the session, breaking session data communication and causing issue #541 (closed).
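The trade-off described above can be reproduced with a small simulation. This is an added sketch, not ocserv code: the FNV-1a hash, the count of 4 instances, the NAT address and the port ranges are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NUM_SECMOD 4                            /* assumed instance count */
static const uint32_t NAT_IP = 0xCB007107u;     /* 203.0.113.7, constructed */

/* FNV-1a: a stand-in hash for this sketch, not ocserv's own function. */
static uint32_t fnv1a(const void *data, size_t len, uint32_t h)
{
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Select an instance from the source IP, optionally mixing in the port. */
unsigned pick(uint32_t ip, uint16_t port, int use_port)
{
    uint32_t h = fnv1a(&ip, sizeof ip, 2166136261u);
    if (use_port) h = fnv1a(&port, sizeof port, h);
    return h % NUM_SECMOD;
}

/* N clients behind one NAT address: load of the busiest instance. */
unsigned busiest_instance(unsigned clients, int use_port)
{
    unsigned load[NUM_SECMOD] = {0}, max = 0;
    for (unsigned i = 0; i < clients; i++)
        load[pick(NAT_IP, (uint16_t)(40000 + i), use_port)]++;
    for (unsigned k = 0; k < NUM_SECMOD; k++)
        if (load[k] > max) max = load[k];
    return max;
}

/* Each client reconnects from a new source port (constructed ranges):
 * count those routed away from the instance holding their session. */
unsigned lost_sessions(unsigned clients, int use_port)
{
    unsigned lost = 0;
    for (unsigned i = 0; i < clients; i++)
        if (pick(NAT_IP, (uint16_t)(40000 + i), use_port) !=
            pick(NAT_IP, (uint16_t)(50000 + i), use_port))
            lost++;
    return lost;
}
int main(void)
{
    for (int p = 0; p <= 1; p++)
        printf("use_port=%d busiest=%u lost=%u\n", p,
               busiest_instance(1000, p), lost_sessions(1000, p));
    return 0;
}
```

IP-only selection keeps every reconnection on the original instance but puts all NAT'd clients on one instance; adding the port spreads the load and loses sessions on reconnect.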