Bluetooth: Prevent bonding to the same device more than once

This change prevents two local identities from having bonds to the same
device.

The Core specification is not well suited for Zephyr's multiple-local-
identities feature. The HCI specification seems written with intent that
a controller is used for only one GAP device. A GAP device has at most
one public address, and at most one random static address.

The Zephyr Bluetooth API, on the other hand, has a concept of local
identities. This feature allows the Zephyr Bluetooth stack to
simulatainously assume multiple local addresses. This does not mesh well
with the above intent in the specification.

In particular, the HCI specification for the resolve list does not allow
more than one entry for a remote address. The controller will deny any
attempts at doing this.

The current implementation of the Zephyr host will try the above and be
denied. But there is no handling for this situation and the host ends up
in a confused state. Some parts of the system are ok with the two bonds,
but other parts assume this situation never occurs behave badly.

The result is that the host confuses the multiple bonds to the same
device. Symtoms include:

- Directed advertisements have a different source address than what the
  host intended, in which case the two sides are confused about the
  address of the Zephyr advertiser, and as a result LTKs will not match.

- Errors in the log.

This commit simply asserts. This is not a solution, just a placeholder
for a fix. The next commit will implement a strategy for handling this
situation instead of failing this assert.

Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>