Fix OVS connection tracking in networkpolicy plugin

[danwinship]

In a last-minute attempt to get Services mostly-working before submitting the original NetworkPolicy PR, I ended up breaking almost everything else. This fixes it again.

(The difference between actions=ct(commit),goto_table:81 and the fixed actions=ct(commit,table=81) is that former ensures that the packet is tracked but then continues in table 81 with the original (unset) value of ct_state, while the latter ensures that the packet is tracked and then continues in table 81 with ct_state having been filled in from conntrack. In particular, this fixes it so that when a reply comes to a pod-to-pod connection, the ct_state=+trk+est rule will match and accept it regardless of other policies. So without the fix, any test where a pod has to send a reply to a pod it would otherwise be unable to talk to will fail.)

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1419393 and https://bugzilla.redhat.com/show_bug.cgi?id=1419469

@openshift/networking PTAL

[pravisankar]

LGTM

[knobunc]

LGTM

[knobunc]

[merge]

[openshift-bot]

Evaluated for origin merge up to e0e118a

[openshift-bot]

[Test]ing while waiting on the merge queue

[openshift-bot]

Evaluated for origin test up to e0e118a

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13654/) (Base Commit: 2bf65d4)

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13685/) (Base Commit: 71a4378) (Image: devenv-rhel7_5872)