Bluetooth: Host: Validate security on GATT subscription

Core Specification 5.3 clarified security requirements for GATT client
when handling incoming notifications and indications.

Vol 3: Part C: 10.3.2.2:
"...Since the configuration is persistent across a disconnection and
reconnection, the client shall check the security requirements against
the configuration upon a reconnection before processing any indications
or notifications from the server. Any notifications received before
the security requirements are met shall be ignored. Any indications
received before the security requirements are met shall be confirmed
and then discarded. ..."

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>