net: coap: Validate token length in coap_header_get_token()

In theory, coap_header_get_token() should only be used on already parsed
packets, and coap_packet_parse() would detect an invalid token length in
a packet. Coverity however complains about possible out-of-bound access,
as in theory the function can return token length up to 15. Therefore
add an extra validation of the token length within the function, to
avoid out-of-bound access due to programming errors and to make Coverity
happy.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>