if_tuntap: defer transient destroy_dev() to a taskqueue

Description

We're in the dtor, so we can't destroy it now without deadlocking after
recent changes to make destroy_dev() provide a barrier. However, we
know there isn't any other dtor to run, so we can go ahead and clean up
our state and just prevent a use-after-free if someone races to open
the device while we're trying to destroy it. tunopen() now uses the
net epoch to protect against softc release by a concurrent
tun_destroy().

While we're here, allow a destroy operation to proceed if we caught a
signal in cv_wait_sig() but tun_busy dropped to 0 while we were waiting
to acquire the lock.

This was more of an inherent design flaw, rather than a bug in the
below-refed commit.

Reviewed by: kib, markj

(cherry picked from commit 96c1d8db39dfeea78ea3f27d67649252a39bbf2e)

Details

Provenance
kevans authored on Nov 5 2025, 12:28 AM
Parents
rGd3690a599586: devfs: make destroy_dev() a release barrier for cdevpriv destructors runs