sa_ktls and sa_cipher (KTLS_CIPHER_AES_GCM_128)

I like the approach with fixed values (that's a type-safe userspace API), however it may cause upstream opposition. Be prepared to be asked to use directly the "rfc5288(gcm(aes))" string from userspace. There are good arguments to not use it (such as ability to change the internal API, and type safety).
