ipsec: fix instance, and cli del for new ipsec interface

- use user instance number in interface name

Restore the behavior of previous versions where the IPsec tunnel
interface name contained the value of the user-provided instance number.
For example, a command similar to

	create ipsec tunnel local-ip . . . instance 5

would result in the creation of interface "ipsec5".

- ipsec: delete tunnel protection when asked

The "ipsec tunnel protect" command will parse a "del" argument but does
not undo the tunnel protection, leaving the SAs hanging around with
reference counts that were incremented by a previous invocation of the
command. Allow the tunnel protection to be deleted and also update the
help text to indicate that deletion is an option.

- test: ipsec: add test for ipsec interface instance

Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.

Type: fix
Fixes: dd4ccf2623 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce

test/vpp_ipsec.py

@@ -376,16 +376,17 @@ class VppIpsecInterface(VppInterface):
     VPP IPSec interface
     """
 
-    def __init__(self, test, mode=None):
+    def __init__(self, test, mode=None, instance=0xffffffff):
         super(VppIpsecInterface, self).__init__(test)
 
         # only p2p mode is supported currently
         self.mode = (VppEnum.vl_api_tunnel_mode_t.
                      TUNNEL_API_MODE_P2P)
+        self.instance = instance
 
     def add_vpp_config(self):
         r = self.test.vapi.ipsec_itf_create(itf={
-            'user_instance': 0xffffffff,
+            'user_instance': self.instance,
             'mode': self.mode,
         })
         self.set_sw_if_index(r.sw_if_index)