libceph: check reply num_data_items in setup_request_data()

libceph: check reply num_data_items in setup_request_data()

setup_request_data() adds message data items to both request and reply
messages, but only checks request num_data_items before proceeding with
the loop.  This is wrong because if an op doesn't have any request data
items but has a reply data item (e.g. read), a duplicate data item gets
added to the message on every resend attempt.

This went unnoticed for years but now that message data items are
preallocated, it promptly crashes in ceph_msg_data_add().  Amend the
signature to make it clear that setup_request_data() operates on both
request and reply messages.  Also, remove data_len assert -- we have
another one in prepare_write_message().

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>