net80211: fix use-after-free in frame defragmentation procedure.

• Assign frame sequence/fragment number before frame concatenation;

otherwise, frame header pointer (wh) will be invalid.

• Move this code block upper and eliminate duplicate 'lwh = mtod()'

assignment.

Tested with wpi(4) (transmitter) (STA mode) and urtwn(4) (receiver)
(HOSTAP mode).