bhyve: avoid buffer overflow in pci_vtcon_control_send

The program copies an input buffer to an output buffer without verifying
that the size of the input buffer is less than the size of the output
buffer, leading to a buffer overflow.

Inside the function pci_vtcon_control_send, the length of the iov buffer
is not validated before copy of the payload.

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-19
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46105

(cherry picked from commit 8934002959e02bcf5e3262730c3a731af95afb15)

This is a follow-up to the fix for HYP-19, addressing another condition
where an overflow might still occur. (Spotted by jhb@, thanks!)

Reported by: Synacktiv
Reviewed by: markj
Security: HYP-19
Sponsored by: Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46882

(cherry picked from commit b34a4edefb0a40ced9b17ffd640f52fe55edc1f5)