FWG status will be overridden by multiple L2 agents

Bug #1770575 reported by zhaobo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
neutron | New | Undecided | Unassigned |

Bug Description

Currently, we support applying a FWG to VM ports and router ports, so we go deep into the L2 and L3 agent implementations to process the associated ports for the FWG.

For this bug, I will give an example:

Server side set fwg status
--------------------------------
http://git.openstack.org/cgit/openstack/neutron-fwaas/tree/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#n79

L3 agent FW extension for "create_firewall_group"
------------------------------------
http://git.openstack.org/cgit/openstack/neutron-fwaas/tree/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent_v2.py#n387

L2 agent FW extension for "_create_firewall_group"
------------------------------------
http://git.openstack.org/cgit/openstack/neutron-fwaas/tree/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py#n263

That means there is a case where the FWG status could be overridden.
1. Port A and port B are in the same subnet, and its gateway port is GW.
2. Port A is VM A's NIC, port B is VM B's NIC.
3. VM A is located on compute node X, VM B is located on compute node Y.
4. Create a FWG and its ingress/egress policies/rules with ports A, B and GW.

So the server side will fan out the RPC to the agent side, including the L2 and L3 agents. Then the agent side will process its local ports and set the FWG status through RPC to the server. But the existing server code just updates the status if the requested status is not a PENDING status. This is the wrong way to process the status: if there are 2 RPCs from agents to the server to set the status, the first one ERROR and the second one ACTIVE, the status is overridden.

Tags: fwaas
zhaobo (zhaobo6)
tags: added: fwaas
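The status overwrite described in the report, as an added example that is not neutron-fwaas code and not part of the original bug report: a last-writer-wins status setter beside one possible alternative that keeps each agent's last report and derives the group status from all of them. The class names, host names and the simplified status set are assumptions made for illustration.

```python
# Added illustration, not neutron-fwaas code. All names here are hypothetical.
ACTIVE, ERROR, PENDING_CREATE = "ACTIVE", "ERROR", "PENDING_CREATE"
PENDING = {"PENDING_CREATE", "PENDING_UPDATE", "PENDING_DELETE"}


class LastWriterWins:
    """Behaviour described in the report: any non-PENDING report replaces the status."""

    def __init__(self):
        self.status = PENDING_CREATE

    def set_status(self, host, status):
        if status not in PENDING:
            self.status = status  # an earlier ERROR from another agent is lost here
        return self.status


class PerAgentAggregate:
    """One possible alternative: track each agent's last report, ERROR dominates."""

    def __init__(self, expected_hosts):
        self.expected = set(expected_hosts)
        self.reports = {}
        self.status = PENDING_CREATE

    def set_status(self, host, status):
        if host not in self.expected or status in PENDING:
            return self.status  # ignore unknown agents and PENDING reports
        self.reports[host] = status  # a retry from the same agent replaces its report
        if ERROR in self.reports.values():
            self.status = ERROR
        elif set(self.reports) == self.expected:
            self.status = ACTIVE  # only once every expected agent succeeded
        else:
            self.status = PENDING_CREATE  # still waiting for the other agents
        return self.status


def replay(tracker, reports):
    """Feed (host, status) reports in arrival order and return the final status."""
    for host, status in reports:
        tracker.set_status(host, status)
    return tracker.status


# Constructed sample: the report's scenario (L2 agents on nodes X and Y, L3 agent for GW).
HOSTS = ["l2-node-x", "l2-node-y", "l3-gw"]
REPORTS = [("l2-node-x", ERROR), ("l2-node-y", ACTIVE), ("l3-gw", ACTIVE)]

if __name__ == "__main__":
    print("last writer wins:", replay(LastWriterWins(), REPORTS))
    print("per-agent aggregate:", replay(PerAgentAggregate(HOSTS), REPORTS))
```

With the first tracker the group ends up ACTIVE although node X reported ERROR, so the stored status no longer reflects that the rules failed to apply on one port.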