BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup

BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup

LIST_ELEM macro was incorrectly used in the loop when purging
flow-control frames from qcc.lfctl.frms on MUX release. This caused a
segfault in qc_release() due to an invalid quic_frame pointer instance.

The occurence of this bug seems fairly rare. To happen, some
flow-control frames must have been allocated but not yet sent just as
the MUX release is triggered.

I did not find a reproducer scenario. Instead, I artificially triggered
it by inserting a quic_frame in qcc.lfctl.frms just before purging it in
qc_release() using the following snippet.

        struct quic_frame *frm;
        frm = pool_zalloc(pool_head_quic_frame);
        LIST_INIT(&frm->reflist);
        frm->type = QUIC_FT_MAX_DATA;
        frm->max_data.max_data = 0;
        LIST_APPEND(&qcc->lfctl.frms, &frm->list);

This should fix github issue #1747.

This must be backported up to 2.6.