(ipsec) CI: always check for XFRM errors

The no-ipsec-xfrm-error connectivity test is currently fine-tuned for use in combination with the conn-disrupt testing: collecting XFRM errors before & after the conn-disrupt run, and confirming that no non-negligible errors have occurred (e.g. during a Cilium upgrade or IPsec key rotation).

But even without conn-disrupt testing, it makes sense to check for XFRM errors, similar to how we check for packet drops or warnings/errors in the logs.
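A before/after comparison of XFRM error counters, as an added example (not Cilium's test code): it parses two snapshots in the `/proc/net/xfrm_stat` layout and reports counters that grew beyond a per-counter allowance. The function names, the allowance values and both snapshots are constructed assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// parseXfrmStat parses text laid out like /proc/net/xfrm_stat: "Name <value>" per line.
func parseXfrmStat(s string) (map[string]uint64, error) {
	out := map[string]uint64{}
	sc := bufio.NewScanner(strings.NewReader(s))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 0 {
			continue // skip blank lines
		}
		if len(f) != 2 {
			return nil, fmt.Errorf("malformed line %q", sc.Text())
		}
		v, err := strconv.ParseUint(f[1], 10, 64)
		if err != nil {
			return nil, fmt.Errorf("counter %s: %w", f[0], err)
		}
		out[f[0]] = v
	}
	return out, sc.Err()
}

// xfrmErrorDelta returns every counter whose growth exceeds its allowance
// (default allowance 0). A counter that shrank (e.g. node reboot) is ignored.
func xfrmErrorDelta(before, after, allowed map[string]uint64) map[string]uint64 {
	bad := map[string]uint64{}
	for name, a := range after {
		if b := before[name]; a > b && a-b > allowed[name] {
			bad[name] = a - b
		}
	}
	return bad
}

// Constructed snapshots, not captured from a real node.
const sampleBefore = "XfrmInError 0\nXfrmInNoStates 3\nXfrmInStateProtoError 0\nXfrmOutNoStates 1\n"
const sampleAfter = "XfrmInError 0\nXfrmInNoStates 5\nXfrmInStateProtoError 4\nXfrmOutNoStates 1\n"

func main() {
	before, _ := parseXfrmStat(sampleBefore)
	after, _ := parseXfrmStat(sampleAfter)
	allowed := map[string]uint64{"XfrmInNoStates": 10} // assumed tolerance
	fmt.Println(xfrmErrorDelta(before, after, allowed))
}
```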