kern: fix a panic in crcopysafe() found by syzkaller

crcopysafe() attempts to crextend() the new ucred's group allocation
with the number of allocated group slots (cr_asize) from the ucred to
copy rather than the latter's actual number of supplementary groups.
However, the number of allocated group slots can exceed ngroups_max
for certain values of it (because of rounding to the next power-of-2 or
page on allocation), making crextend() trip on a check that the passed
value should be lower than ngroups_max.

This was not a problem before be1f7435ef218b1 because the effective max
storage was NGROUPS_MAX + 1 (1024) to account for the egid being
included in cr_groups. Now that we're back down to NGROUPS_MAX, the max
allocation will tend to be 1024 and exceed our max groups.

Switch crcopysafe() to extend until we have enough allocated to fit
the previous group set, and call crextend() with the number of groups
that the old ucred had. This avoids relying on implementation details
of crextend() up-sizing our requests and ensures we only have as large
of an allocation as we need to fulfill the request.

Reviewed by: olce
Reported by: syzbot+4e68da43c26f357a2b7e@syzkaller.appspotmail.com
Fixes: be1f7435ef218b1 ("kern: start tracking cr_gid outside [...]")
Differential Revision: https://reviews.freebsd.org/D51660
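
A simplified user-space model of the sizing mismatch the commit message above describes, added here as an illustration; it is not part of the commit or of the FreeBSD source. The `model_*` and `copy_by_*` names and the 1024-slot page (4096-byte page, 4-byte gid) are assumptions, and the group limit is a parameter so the old effective limit of 1024 can be compared with 1023.

```c
#include <stdio.h>

/* Assumption: one page holds 1024 gid slots (4096-byte page, 4-byte gid). */
#define MODEL_PAGE_SLOTS 1024

struct model_cred {
	int ngroups;	/* supplementary groups actually held */
	int agroups;	/* allocated group slots */
};

/* Slots granted for a request of n groups, using the rounding the message
 * describes: next power of 2 below a page, whole pages at or above one. */
static int model_round_slots(int n)
{
	int p = 1;

	if (n >= MODEL_PAGE_SLOTS)
		return (n + MODEL_PAGE_SLOTS - 1) / MODEL_PAGE_SLOTS * MODEL_PAGE_SLOTS;
	while (p < n)
		p <<= 1;
	return p;
}

/* Model of the extend step: -1 stands in for the limit check tripping. */
static int model_crextend(struct model_cred *cr, int n, int max_groups)
{
	if (n > max_groups)
		return -1;
	if (n > cr->agroups)
		cr->agroups = model_round_slots(n);
	return 0;
}

/* Before the fix: request the old cred's allocated slot count. */
static int copy_by_slots(const struct model_cred *old, struct model_cred *new_cr, int max_groups)
{
	return model_crextend(new_cr, old->agroups, max_groups);
}

/* After the fix: request only the number of groups the old cred holds. */
static int copy_by_count(const struct model_cred *old, struct model_cred *new_cr, int max_groups)
{
	return model_crextend(new_cr, old->ngroups, max_groups);
}

int main(void)
{
	struct model_cred old = { 1023, model_round_slots(1023) }, a = { 0, 0 }, b = { 0, 0 };
	printf("slots=%d by_slots=%d by_count=%d\n", old.agroups, copy_by_slots(&old, &a, 1023), copy_by_count(&old, &b, 1023));
}
```
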