kldxref: Avoid buffer overflows in parse_pnp_list

We convert a string like "W32:vendor/device" into "I:vendor;I:device",
where the output is longer than the input, but only allocate space equal
to the length of the input, leading to a buffer overflow.

Instead use open_memstream so we get a safe dynamically-grown buffer.

Found by: CHERI
Reviewed by: imp, jhb (mentor)
Approved by: imp, jhb (mentor)
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D26637