mgmt/osdp: discard secure channel if KEYSET is ACKed in plaintext

HID readers are responding to a KEYSET command with an ACK in plaintext
instead of using the current session keys to acknowledge this command
(which is the reasonable thing to do as the command itself was received
encrypted with the old key). Since the spec doesn't say anything about
this, both methods are technically correct.

Make changes to CP so it allows ACKs in plaintext for KEYSET command in
particular and make the PD implementation do this too as it makes the code
look cleaner there (perhaps HID did it for the same reasons :D).

Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>