hpt{nr,rr}: plug info leak in hpt_ioctl

The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.

Reviewed by: jhb, kib
MFC after: 3 days
Sponsored by: The FreeBSD Foundation