Bluetooth: Mesh: Null check buf before unref

The frnd->last buffer can potentially be NULL if friend_clear is called
after the adv.c buf->busy check, but before the adv_start callback.
The current design is based on the adv.c thread being cooperative, and
therefore not yielding between the busy check and the adv_start
callback, but as the bt_le_adv_start call has to acquire a semaphore,
there's a possibility for friend_clear being called inbetween.

Fixes #26177.

Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>