ssh: fix double-free caused by compat_kex_proposal()

Security: CVE-2023-25136
Obtained from: OpenSSH-portable commit 12da78233364
Sponsored by: The FreeBSD Foundation

(cherry picked from commit fe1371e8f3d7336748d291a7360b2aacce943fb1)
(cherry picked from commit 296ec8eae0c834088a491643a937d881bfb4b5dd)