bluez: malicious USB devices can steal Bluetooth link keys over HCI using fake BD_ADDR

We discussed this vulnerability during Episode 139 on 25 April 2022

BlueZ would identify bluetooth controllers based purely on their self-reported BD_ADDR (the bluetooth version of a MAC address). A malicious device could identify with an existing BD_ADDR and obtain the link key for that device.