mesh: Fix key refresh procedure

Key refresh procedure was ignored on non-primary subnet.

Mesh Profile Specification v1.0.1:
3.10.4 Key Refresh procedure
"This procedure is used when the security of one or more network
keys and/or one or more of the application keys has been compromised
or could be compromised."

"It is possible to update each NetKey independently of all other
NetKeys. A Key Refresh procedure for one NetKey can be in a different
phase to another Key Refresh procedure for other NetKeys."

Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>

subsys/bluetooth/mesh/beacon.c

@@ -334,6 +334,13 @@ static void secure_beacon_recv(struct net_buf_simple *buf)
 
 	cache_add(data, sub);
 
+	kr_change = bt_mesh_kr_update(sub, BT_MESH_KEY_REFRESH(flags), new_key);
+	if (kr_change) {
+		bt_mesh_net_beacon_update(sub);
+		/* Key Refresh without IV Update only impacts one subnet */
+		bt_mesh_net_sec_update(sub);
+	}
+
 	/* If we have NetKey0 accept initiation only from it */
 	if (bt_mesh_subnet_get(BT_MESH_KEY_PRIMARY) &&
 	    sub->net_idx != BT_MESH_KEY_PRIMARY) {
@@ -352,17 +359,9 @@ static void secure_beacon_recv(struct net_buf_simple *buf)
 
 	iv_change = bt_mesh_net_iv_update(iv_index, BT_MESH_IV_UPDATE(flags));
 
-	kr_change = bt_mesh_kr_update(sub, BT_MESH_KEY_REFRESH(flags), new_key);
-	if (kr_change) {
-		bt_mesh_net_beacon_update(sub);
-	}
-
 	if (iv_change) {
 		/* Update all subnets */
 		bt_mesh_net_sec_update(NULL);
-	} else if (kr_change) {
-		/* Key Refresh without IV Update only impacts one subnet */
-		bt_mesh_net_sec_update(sub);
 	}
 
 update_stats: