bluetooth: host: gatt: fix null-ptr access if no include-svc userdata

- Issue: There is a bus-fault while accessing empty userdata structure
  pointer if application does not include any include service
  userdata instance (which consist of UUID list of included service)
  but service array has defined dummy entry for it assumed to be
  overridden by app during initial flow.
- For example, the issue has happened in case of tmap-central sample
 without "CONFIG_BT_OTS" support. there are some MCS attributes
 dependent on OTS service because of that
 "BT_GATT_INCLUDE_SERVICE(NULL)" entry is added as part of service
 definition. The given entry does not have userdata handler defined
 and is expecting to be overriden by the app if it will be included.
 During "bt_mcs_init()" call, "mcs.attrs[i].user_data" is not
 populated with any attr-instance pointer. This makes CPU to access
 null-address during reading local-database include-service attribute
 which was not provided by the app but the include-service entry was
 added to the db.
- Fix: Adding condition to check if user-data has null address, and
 returning back to avoid any hard-faults.

Signed-off-by: Nirav Agrawal <nirav.agrawal@nxp.com>