Bluetooth: SMP: Fix crash when using KeyboardOnly capabilities

This fix crash due to calling auth callback from wrong pointer.
get_io_capa was using bt_smp_io_capa instead of structure provided
in argument. This resulted in checking NULL pointer for provided
callbacks. By coincident this always returned
BT_SMP_IO_KEYBOARD_DISPLAY (first 8 bytes in memory were non-zero)
and resulted in calling callback from NULL address if application
didn't provided passkey_display or passkey_entry callbacks.

btshell>
bt: bt_smp_connected (0x00115360): conn 0x00111788 handle 73
bt: bt_att_connected (0x00115360): conn 0x00111788 handle 73
bt: bt_gatt_connected (0x00115360): conn 0x00111788
Connected: 20:68:9D:60:A1:E4 (public)
bt: bt_smp_recv (0x00115360): Received SMP code 0x01 len 7
bt: smp_pairing_req (0x00115360):
bt: smp_init (0x00115360): prnd 8773a11cde889e1b7397064527a5469d
***** Unhandled exception/interrupt occurred! *****
Current thread ID = 0x00115360
Faulting instruction address = 0x00111788
Fatal fiber error! Aborting fiber.

Change-Id: Ic297603a3fbc8bd741d5110c01bef61f7dda1d6f
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>