nfs_clsubs.c: Fix ncl_getcookie() when "pos" is negative

In ncl_getcookie(), a very large value for "off" for
a directory can result in "pos" being set to a bogus
value (including a negative one), due to truncation.
When "pos" is negative, is can skip past the
while (pos >= NFSNUMCOOKIES) loop and return a
bogus pointer instead of NULL.

This patch changes the type to u_int and also adds
a sanity check for a very large "off" to ensure that
a NULL pointer is returned for this case.

This bug has been in the code for decades and I am
not aware of any report of it causing a problem for
users.

Reviewed by: markj
Reported by: Joshua Rogers of AISLE Research Team
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D56779