netfilter: conntrack: switch to siphash and include zone id in hash again

Florian Westphal requested to merge fwestpha/centos-stream-9-fw:bz2030759 into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2030759
Conflicts: cherry-picks
Tested: selftest scripts included in this MR

Make the following changes:

  1. include the zone id in the conntrack hash value again. Without this, hash chains can grow up to 64k in size if tuples overlap.
  2. introduce an internal upper limit on the hash chain size. Inserts fail if the bucket is too large. Also add a stat counter for this.
  3. replace use of jhash with siphash.
  4. make udp flows assured only once the udp "connection" is treated as a udp stream (as opposed to, say, a dns query).

Signed-off-by: Florian Westphal <fwestpha@redhat.com>
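To see why points 1 and 2 matter, here is a small added example (not kernel code and not part of this MR) of a conntrack-style hash table. It takes a single constructed 5-tuple that appears in many zones, once with the zone left out of the hash key and once with it included, applies a hypothetical chain-length limit with a refusal counter, and reports the longest chain. The bucket count, the limit and the FNV-1a style mixer are placeholders chosen for the demo; the mixer is unkeyed, so unlike the siphash from point 3 it does nothing to make bucket selection unpredictable to a peer that controls tuple values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sizes for the demo; the kernel table is far larger. */
#define NBUCKETS    256
#define CHAIN_LIMIT 64

struct tuple {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
    uint8_t  proto;
};

struct entry {
    struct tuple  t;
    uint16_t      zone;
    struct entry *next;
};

struct table {
    struct entry *bucket[NBUCKETS];
    unsigned      len[NBUCKETS];     /* current chain length per bucket */
    bool          key_includes_zone; /* point 1 of the MR */
    unsigned long chain_too_long;    /* stat counter from point 2 of the MR */
};

/* Byte-wise FNV-1a mixer: a stand-in for siphash so the demo stays short.
 * It has no secret key, so bucket choice is predictable from the input. */
static uint32_t mix(uint32_t h, const void *p, size_t n)
{
    const uint8_t *b = p;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 16777619u;
    }
    return h;
}

static uint32_t bucket_of(const struct table *tb, const struct tuple *t, uint16_t zone)
{
    uint32_t h = 2166136261u;
    h = mix(h, &t->saddr, sizeof t->saddr);
    h = mix(h, &t->daddr, sizeof t->daddr);
    h = mix(h, &t->sport, sizeof t->sport);
    h = mix(h, &t->dport, sizeof t->dport);
    h = mix(h, &t->proto, sizeof t->proto);
    if (tb->key_includes_zone)          /* with the zone, identical tuples in */
        h = mix(h, &zone, sizeof zone); /* different zones land in different buckets */
    return h % NBUCKETS;
}

/* Refuse (and count) an insert once the target chain has hit the limit. */
static bool table_insert(struct table *tb, const struct tuple *t, uint16_t zone)
{
    uint32_t b = bucket_of(tb, t, zone);
    if (tb->len[b] >= CHAIN_LIMIT) {
        tb->chain_too_long++;
        return false;
    }
    struct entry *e = calloc(1, sizeof *e);
    if (!e)
        return false;
    e->t = *t;
    e->zone = zone;
    e->next = tb->bucket[b];
    tb->bucket[b] = e;
    tb->len[b]++;
    return true;
}

static unsigned max_chain(const struct table *tb)
{
    unsigned m = 0;
    for (uint32_t b = 0; b < NBUCKETS; b++)
        if (tb->len[b] > m)
            m = tb->len[b];
    return m;
}

static void table_free(struct table *tb)
{
    for (uint32_t b = 0; b < NBUCKETS; b++)
        while (tb->bucket[b]) {
            struct entry *next = tb->bucket[b]->next;
            free(tb->bucket[b]);
            tb->bucket[b] = next;
        }
}

/* Scenario: one constructed 5-tuple (10.0.0.1:40000 -> 10.0.0.2:53/udp) seen
 * in `nzones` different zones, as happens when zones carry overlapping
 * address space. Returns the longest chain; *refused gets the counter. */
static unsigned simulate(bool include_zone, unsigned nzones, unsigned long *refused)
{
    struct table tb;
    memset(&tb, 0, sizeof tb);
    tb.key_includes_zone = include_zone;
    struct tuple t = { .saddr = 0x0a000001u, .daddr = 0x0a000002u,
                       .sport = 40000, .dport = 53, .proto = 17 };
    for (unsigned z = 0; z < nzones; z++)
        table_insert(&tb, &t, (uint16_t)z);
    unsigned m = max_chain(&tb);
    if (refused)
        *refused = tb.chain_too_long;
    table_free(&tb);
    return m;
}
```

Calling `simulate(false, 1000, &refused)` puts all 1000 entries on one chain: it stops growing at CHAIN_LIMIT and the remaining inserts are refused and counted, which is the behaviour point 2 introduces so that a colliding workload degrades into a visible counter rather than an unbounded list walk. `simulate(true, 1000, &refused)` spreads the same tuples across buckets and refuses nothing. In the real table the hash is also keyed with a random secret (siphash), so the bucket layout cannot be precomputed from tuple values alone.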