smbd: reset dangling watch_req pointer in poll_open_done

smbd: reset dangling watch_req pointer in poll_open_done

We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.

Otherwise if the poll open timer fires it will do a

  TALLOC_FREE(open_rec->watch_req);

on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>