tcp: improve SEG.ACK validation in SYN-RECEIVED

According to the fifth step in SEGMENT ARRIVES, send a RST segment in
response to an ACK segment which fails the SEG.ACK check, but leave
the endpoint state unchanged.
FreeBSD handles this correctly when entering the SYN-RECEIVED state via
the SYN-SENT state, but not in the SYN-cache code, which handles the
SYN-RECEIVED state via the LISTEN state.

This also fixes a panic reported by Alexander Leidinger.

Reviewed by: jtl, glebius
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52934