ssh: fix double-free caused by compat_kex_proposal()

Approved by: so
Security: FreeBSD-SA-23:02.openssh
Security: CVE-2023-25136
Obtained from: OpenSSH-portable commit 12da78233364
Sponsored by: The FreeBSD Foundation

(cherry picked from commit fe1371e8f3d7336748d291a7360b2aacce943fb1)
(cherry picked from commit 296ec8eae0c834088a491643a937d881bfb4b5dd)
(cherry picked from commit 2caac96a666ce99703b16e4d59a417bab8f91d3c)