ng_hci: Add sockaddr validation to sendto()

ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.

In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.

Reported by: Oliver Sieber <oliver@secfault-security.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation