[crypto] fix nss crypto buffer boundaries usage

this issue was detected by temporary increasing knet header size
for debugging purposes, and was generating incorrect crypto data
by PK11_CipherOp because the new size was overriding the old data.

this issue does not affect onwire_v1 or stable1 as it is.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>