Do not allow to activate session multiple times

Otherwise it will add the session to the channel multiple times
which leads to an infinite loop during cleanup.

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5576

Credit to oss-fuzz
Stefan Profanter, 7 years ago
parent
commit
3d4b8666b0
1 file changed with 11 additions and 0 deletions

+ 11 - 0
src/server/ua_services_session.c

@@ -260,8 +260,19 @@ Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel,
         UA_LOG_INFO_SESSION(server->config.logger, session,
                             "ActivateSession: Detach from old channel");
         UA_Session_detachFromSecureChannel(session);
+        session->activated = false;
     }
 
+    if (session->activated) {
+        UA_LOG_INFO_SESSION(server->config.logger, session,
+                            "ActivateSession: SecureChannel %i wants "
+                                    "to activate, but the session is already activated",
+                            channel->securityToken.channelId);
+        response->responseHeader.serviceResult =
+                UA_STATUSCODE_BADSESSIONIDINVALID;
+        return;
+
+    }
     /* Attach to the SecureChannel and activate */
     UA_Session_attachToSecureChannel(session, channel);
     session->activated = true;
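
Review bot: The new `if (session->activated)` check refuses every repeated ActivateSession while the flag is set, and the flag is cleared only in the branch above that logs "Detach from old channel", so a second ActivateSession that does not pass through that branch is answered with `UA_STATUSCODE_BADSESSIONIDINVALID` although the session id itself is valid. If the aim is only to keep `UA_Session_attachToSecureChannel(session, channel)` from adding the session to the channel a second time, consider skipping the attach when the session is already attached to this channel instead of failing the request, or add a comment stating that rejection is intended and why this status code was chosen. Also drop the empty line between `return;` and the closing `}`, and add a regression test built from the fuzzer input referenced in the commit message so the cleanup loop cannot come back unnoticed.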