
scan: Always allocate results->bss_list

Instead of creating the results->bss_list l_queue lazily, always create
one before sending the GET_SCAN command.  This is to make sure that an
empty list is passed to the scan callback (e.g. in station.c) instead of
a NULL.  Passing NULL has been causing difficult-to-debug crashes in
station.c; in fact I think I've been seeing them for over a year now
but can't be sure.  station_set_scan_results has been taking ownership
of the new BSS list and, if station->connected_bss was not on the list,
it would try to add it not realizing that l_queue_push_tail() was doing
nothing.  Always passing a valid list may help us prevent similar
problems in the future.

The crash might start with:
==120489== Invalid read of size 8
==120489==    at 0x425D38: network_bss_select (network.c:709)
==120489==    by 0x415BD1: station_try_next_bss (station.c:2263)
==120489==    by 0x415E31: station_retry_with_status (station.c:2323)
==120489==    by 0x415E31: station_connect_cb (station.c:2367)
==120489==    by 0x407E66: netdev_connect_failed (netdev.c:569)
==120489==    by 0x40B93D: netdev_connect_event (netdev.c:1801)
==120489==    by 0x40B93D: netdev_mlme_notify (netdev.c:3678)
This commit is contained in:
Andrew Zaborowski 2020-08-04 16:53:00 +02:00 committed by Denis Kenzior
parent 4315461a6c
commit 1d852e10ad


@ -1448,9 +1448,6 @@ static void get_scan_callback(struct l_genl_msg *msg, void *user_data)
l_debug("get_scan_callback"); l_debug("get_scan_callback");
if (!results->bss_list)
results->bss_list = l_queue_new();
bss = scan_parse_result(msg, &wdev_id); bss = scan_parse_result(msg, &wdev_id);
if (!bss) if (!bss)
return; return;
@ -1694,6 +1691,7 @@ static void scan_notify(struct l_genl_msg *msg, void *user_data)
results->sc = sc; results->sc = sc;
results->time_stamp = l_time_now(); results->time_stamp = l_time_now();
results->sr = sr; results->sr = sr;
results->bss_list = l_queue_new();
scan_parse_new_scan_results(msg, results); scan_parse_new_scan_results(msg, results);
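Review bot: Once the added `results->bss_list = l_queue_new();` runs, `results` owns a heap list before GET_SCAN has even been sent, so any path later in scan_notify that discards `results` (for instance when sending the command fails) now has to release it with `l_queue_destroy`, something the lazy allocation it replaces never required; scan_notify's body continues outside the hunk, so I can't confirm that cleanup is present. The first hunk removes the NULL guard in get_scan_callback, so it now relies entirely on this invariant, and because `l_queue_push_tail()` on a NULL list is a silent no-op (as the description says) any other site that builds `results` and issues GET_SCAN without this line would silently lose every result rather than fail visibly. A short comment at the new line, `/* always non-NULL: callers take ownership without checking */`, would record that contract for the next reader.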