Bluetooth: fixing null-pointer dereference in l2cap channel destroyer

During local testing with UBSAN enabled, warning was reported:
bluetooth/host/l2cap.c:980:25: runtime error: member access
within null pointer of type 'struct k_work_q'

It turned out that le_chan->rtx_work.queue can be NULL.
Since null-pointer dereference is a UB, additional check
was added to ensure we don't access
`le_chan->rtx_work.queue->thread` when
`le_chan->rtx_work.queue == NULL`

The same changes applied to l2cap_br.c

Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>