Bluetooth: ATT: Fix crash if bt_l2cap_send_cb fails

This fixes a regression introduced by
10841b9a as it did remove a call to
net_buf_ref which was used not only to keep a reference for resending
but also to prevent bt_l2cap_send_cb to unref the buffer in case it
fails.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>