cryptosoft: Avoid referencing end-of-buffer cursors

Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.

Fixes: cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes: a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes: f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes: 5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by: madpilot
Discussed with: jhb
Sponsored by: The FreeBSD Foundation