Add dynamic_kenv assertion to init_static_kenv

Both to formally document the requirement that this not be called after the
dynamic kenv is setup, and to perhaps help static analyzers figure out
what's going on. While calling init_static_kenv this late isn't fatal, there
are some caveats that the caller should be aware of:

• Late calls are effectively a no-op, as far as default FreeBSD is

concerned, as everything will switch to searching the dynamic kenv once it's
available.

• Each of the kern_getenv calls will leak memory, as it's assumed that

these are searching static environment and allocations will not be made.

As such, this usage is not sensible and should be detected.