[media] v4l2-ctrls: fix integer overflow in v4l2_g_ext_ctrls()

A large cs->count from userspace may overflow the allocation size,
leading to memory corruption.  v4l2_g_ext_ctrls() can be reached
from subdev_do_ioctl() or __video_do_ioctl().

Use kmalloc_array() to avoid the overflow.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>