Factor out ieee80211_probereq_ie() and ieee80211_probereq_ie_len()
and make the length dynamic rather than static max. The latter is
needed as out current fixed length was longer than some "hw scan",
e.g. that of ath10k, will take. This way we can pass what we have.
Should this not be sufficient in the future we might have to deal
with filtering and much more error handling.
This also removes a duplicate calculation for ieee80211_ie_wpa .
Repoprted also by: Martin Husemann <martin NetBSD.org> 
Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
Reviewed by: ...