nvme: sanitize metadata bounce buffer for reads

mainline inclusion
from mainline-v6.1-rc1
commit 2b32c76e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I8UJF0
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b32c76e2b0154b98b9322ae7546b8156cd703e6



----------------------------------------

User can request more metadata bytes than the device will write. Ensure
kernel buffer is initialized so we're not leaking unsanitized memory on
the copy-out.

Fixes: 0b7f1f26 ("nvme: use the block layer for userspace passthrough metadata")
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>

Conflicts:
  Commit 2405252a ("nvme: move the ioctl code to a separate file") move
  nvme_add_user_metadata() from drivers/nvme/host/core.c to
  drivers/nvme/host/ioctl.c;
  Commit 38c0ddab ("nvme: refactor nvme_add_user_metadata") changed to
  use REQ_OP_DRV_OUT to identify the write request.
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>