Bluetooth: conn: check for disconnected earlier when sending

Verify the connection is active before popping the buffer from the TX
queue.

The current behavior enables a race condition between `create_frag` and
the connection being torn down, as `buf` can be popped from the TX queue
but not destroyed by `bt_conn_process_tx`.

In that case, `buf` will be leaked.

Original analysis and fix proposal by @watsug.

Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Reported-by: Adam <Augustyn&lt;watsug@gmail.com>