Import DTLS sliding window validation from OpenConnect ESP code

In this implementation, the end of the sliding window is always advanced to the latest received packet, and we accept up to 64 packets before that one. We no longer refuse to accept packets because they are too far ahead of what we've already seen.

Some of the test cases are fixed up accordingly.

This matches the code in OpenConnect esp-seqno.c at commit ab2c4fc.