bypass: really bypass udp flow from first packet

[catenacyber]

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7053

Describe changes:

• bypass: really bypass udp flow from first packet

SV_BRANCH=OISF/suricata-verify#1870

[catenacyber]

SV test would show
flow.state as "bypassed"
and stats having
"local_bypassed": 1

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.84%. Comparing base (daa6f6f) to head (07066c9).
Report is 6 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #11182       +/-   ##
===========================================
- Coverage   82.93%   74.84%    -8.09%     
===========================================
  Files         942      875       -67     
  Lines      250797   144738   -106059     
===========================================
- Hits       207994   108331    -99663     
+ Misses      42803    36407     -6396     

Flag	Coverage Δ
fuzzcorpus	61.30% <100.00%> (-0.02%)	⬇️
livemode	18.78% <100.00%> (-0.01%)	⬇️
pcap	44.58% <100.00%> (-0.06%)	⬇️
suricata-verify	61.62% <100.00%> (+0.17%)	⬆️
unittests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

[suricata-qa]

Information: QA ran without warnings.

Pipeline 20876

[victorjulien]

should we flag the packet as part of an established flow in this case, as we do on line 486?

[catenacyber]

I guess so.

We have

1. UDP from client to server, nothing special
2. UDP from server to client, we trigger a bypass rule that FlowUpdateState(FLOW_STATE_LOCAL_BYPASSED), and in later processing, we call FlowHandlePacketUpdate that also sees the flow as established...

[catenacyber]

Rebased in #11287