MFC (conceptually) r327991, r328009: Don't clobber FDT enroute to the kernel

This is a direct commit to stable/11 due to path changes that have occured
in HEAD. The diffs remain the same, but rebased against their old locations.

MFC r327991: stand/fdt: don't send clobbered FDT to the kernel

If fdt_overlay_apply fails at some stage to apply the overlay to the base,
both the base and overlay may be in an inconsistent state (some fixups
applied, some phandles adjusted, some symbols merged). These can be bad for
a number of reasons, to include user frustration if some fixups applied and
not others. Fail a little safer by making a clean copy of the base FDT for
every overlay that we can simply discard if things go awry.

This also allows us the luxury of simply discarding overlays if we hit some
kind of memory limit or if they're malformed and extremely large for some
reason. We'll now leave a nice error message indicating that some overlays
could not be applied due to size restrictions and we apply what we can.

I note that our overlay implementation has some flaws that might still leave
your system in an unbootable state even if an overlay applies correctly;
please exercise caution in using overlays until we can swap it out for
libfdt's implementation.

MFC r328009: stand/fdt: Don't leak next_fdtp if we fail to open overlay