bluetooth: hci_raw: avoid possible memory overflow in bt_buf_get_tx()

Function bt_buf_get_tx(), which is used to allocate buffer from
fixed-size pool, does not check size argument before copying
the data with the length size into fixed-size buffer, wich may
not be large enough.

Check immediately before copying if the tailroom of the buffer
is large enough.

Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>