cryptex: interaction with header extension encryption

[fippo]

@pabuhler I ran into an issue with the interaction between cryptex and "legacy" rtp header extension encryption in libWebRTC.
https://mailarchive.ietf.org/arch/msg/avt/h3l1ZBxxRX9-aTvvDsXLR2gEHho/
has details.

In libWebRTC I do not set the srtp policy's

    policy.enc_xtn_hdr = <pointer to list of ids>
    policy.enc_xtn_hdr_count = <length of that list>

if cryptex is enabled which makes it work. Seems like a footgun for implementers though since this could get out of sync.
Happy to take a stab at doing that inside libSRTP

[pabuhler]

@fippo in #790 there is a specific check to ensure that both are not configured, b40766c also some documentation in f343b25 .

This is a creation time config only check, could add something similar to the 2_x_dev branch, or did you mean more than just this?

[fippo]

so iiuc the 3.x decision is to reject? Works too as it lets users catch errors earlier than what I saw. Shall I do a 2.x backport?

[pabuhler]

If you like that would be good.

[pabuhler]

merged backport