Bluetooth: host: df: fix wrong connectionless CTE enable cmd length
There was a bug in the prepare_cl_cte_rx_enable_cmd_params function.
The size of command buffer was wrong when CTE was enabled in AoD mode.
The command buffer was extended by param->num_ant_ids, that was
zero in case of AoD. Then a dummy antenna switch pattern was copied
into the command buffer.
That led to: memory overwrite, and wrong command buffer length.
The command was rejected by Controller.
To fix, use cp->switch_pattern_len that was already assigned with
correct antenna pattern length.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
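The length mismatch described in the commit message, reduced to a self-contained model. This is an added example, not code from the Zephyr tree or from the commit. `struct cmd_buf`, `buf_add`, `struct cte_rx_enable_hdr`, `build_cmd` and the 2-byte `dummy_pattern` are hypothetical stand-ins; only `num_ant_ids` and `switch_pattern_len` are names taken from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for an HCI command buffer (hypothetical, not Zephyr's net_buf). */
struct cmd_buf {
    uint8_t data[32];
    size_t len; /* bytes reserved so far = length reported to the Controller */
};

/* Reserve n bytes at the tail and return a pointer to them. */
static uint8_t *buf_add(struct cmd_buf *b, size_t n)
{
    uint8_t *tail = &b->data[b->len];
    b->len += n;
    return tail;
}

/* Reduced command header: only the field named in the commit message is modelled. */
struct cte_rx_enable_hdr { uint8_t enable; uint8_t switch_pattern_len; };

/* Assumed 2-byte placeholder pattern used when the caller supplies no antenna IDs. */
static const uint8_t dummy_pattern[] = { 0, 0 };

/* Builds the command and returns how many pattern bytes landed past the
 * reserved length. use_fix = 0 reserves num_ant_ids bytes (the bug),
 * use_fix = 1 reserves cp->switch_pattern_len bytes (the fix). */
static size_t build_cmd(struct cmd_buf *b, const uint8_t *ant_ids,
                        uint8_t num_ant_ids, int use_fix)
{
    struct cte_rx_enable_hdr *cp = (void *)buf_add(b, sizeof(*cp));
    const uint8_t *src = num_ant_ids ? ant_ids : dummy_pattern;
    uint8_t *dest;

    cp->enable = 1;
    cp->switch_pattern_len = num_ant_ids ? num_ant_ids : sizeof(dummy_pattern);

    dest = buf_add(b, use_fix ? cp->switch_pattern_len : num_ant_ids);
    /* The copy always uses switch_pattern_len; data[32] keeps this model in bounds. */
    memcpy(dest, src, cp->switch_pattern_len);
    return (size_t)(dest - b->data) + cp->switch_pattern_len - b->len;
}

int main(void)
{
    struct cmd_buf b = { { 0 }, 0 };
    return build_cmd(&b, NULL, 0, 1) == 0 ? 0 : 1; /* fixed path: exit 0 */
}
```

With `num_ant_ids == 0` the unfixed path reports a command two bytes shorter than what was written, which is the mismatch the Controller rejected.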