Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early

Not calling hci_(dis)connect_cfm before deleting conn referred to by a
socket generally results to use-after-free.

When cleaning up SCO connections when the parent ACL is deleted too
early, use hci_conn_failed to do the connection cleanup properly.

We also need to clean up ISO connections in a similar situation when
connecting has started but LE Create CIS is not yet sent, so do it too
here.

Fixes: ca1fd42e ("Bluetooth: Fix potential double free caused by hci_conn_unlink")
Reported-by:  <syzbot+cf54c1da6574b6c1b049@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/linux-bluetooth/00000000000013b93805fbbadc50@google.com/


Signed-off-by: Pauli Virtanen <pav@iki.fi>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>