audio/AVCTP: Fix connecting browsing channel multiple times

While accepting the connection via DEFER_SETUP a second connection can
be created by using avctp_connect_browsing which will not detect one is
in course as the state has not yet changed, this can cause memory leaks
or crashes as the following:

profiles/audio/avctp.c:avctp_confirm_cb() AVCTP: incoming connect from XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connecting
profiles/audio/avctp.c:avctp_connect_browsing_cb() AVCTP Browsing: connected to XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connected
profiles/audio/avctp.c:avctp_connect_browsing_cb() AVCTP Browsing: connected to XX:XX:XX:XX:XX:XX
profiles/audio/avctp.c:avctp_set_state() AVCTP Browsing Connected
profiles/audio/avctp.c:session_browsing_cb() AVCTP Browsing: disconnected
profiles/audio/avctp.c:avctp_set_state() AVCTP Connected
Invalid read of size 8
   at 0x41EB28: session_browsing_cb (avctp.c:842)
   by 0x32F5447E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x32F5448157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x32F5448559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x40A28F: main (main.c:583)
 Address 0x20 is not stack'd, malloc'd or (recently) free'd

profiles/audio/avctp.c

@@ -1328,8 +1328,10 @@ static void avctp_browsing_confirm(struct avctp *session, GIOChannel *chan,
 	}
 
 	if (bt_io_accept(chan, avctp_connect_browsing_cb, session, NULL,
-								&err))
+								&err)) {
+		avctp_set_state(session, AVCTP_STATE_BROWSING_CONNECTING);
 		return;
+	}
 
 	error("Browsing: %s", err->message);
 	g_error_free(err);