sysctl net.inet.tcp.ktlslist: do not rely on global generation for ktls sessions

Disallow parallel executions for the sysctl, which makes it possible to
have the generation count for the sysctl requests itself instead of for the
sessions. When the first pass over inpcbs is done, assign them the
request' gen count. On the second pass, only externalize the inpcbs
with ktls sessions which gen count is equal to the current request.

This way, we can be sure that the second pass does not copy out more
inpcbs than was counted for in the first pass, while eliminating the
global atomic op during ktls session creation.

Requested by: gallatin
Reviewed by: gallatin, markj
Sponsored by: NVidia networking
Differential revision: https://reviews.freebsd.org/D51000