secchan: Validate subrules before attempting to dereference their super-rules.

secchan: Validate subrules before attempting to dereference their super-rules.

rule_make_actions() is supposed to compose the datapath actions for an
exact-match rule, and to do so it needs to look up the super-rule (if the
rule is a subrule).  The "super" pointer might be set to UNKNOWN_SUPER,
though, and before this commit that would cause a segfault.

This commit modifies the callers of rule_make_actions() to ensure that
the rule passed in can never have a "super" of UNKNOWN_SUPER.  In most
cases, this was already impossible (e.g. we're passing in a new rule that
we just added to the table), but in two cases where the rule was obtained
from a bare classifier lookup we needed to validate the rule before
attempting to use it.

Fixes a crash reported by Keith.