High: pacemaker-fenced: fix easily plausible NULL pointer dereference

Description

Previously, making pacemaker-fenced segfault was as easy as:

    stonith_admin -R whatever

i.e., without "-a AGENT" specification, resulting in:

    <st_device_id id="whatever" st_origin="create_device_registration_xml">
      <attributes/>
    </st_device_id>

stonith operation message internally.

Note that the respective CLI interface is relevant to "stand-alone"
modes of execution with pacemaker-fenced, as opposed to full-fledged
pacemaker run, but the danger of accidental misuse is imminent
regardless.

Also note that going forward, we would be better off declaring what
the valid messages like this are, reusing already existing RelaxNG
schema-based infrastructure. Amongst others, it would also alleviate
the need for otherwise extremely hefty reverse engineering, and
allow us to follow the compatibility guarantees easily. It would
also allow us to gradually drop clumsy ad-hoc parse-time checks
when the validation gets moved over to the sending side (when
this circumstance is somehow indicated to the sender).
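
The kind of parse-time check the message refers to, as an added example (not part of the commit or of Pacemaker's code): required attributes are declared in one table, and a request lacking one is rejected with an error before any code can dereference the missing value. All names are hypothetical, including the `agent` attribute, and the XML is flattened to a constructed name/value list.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct attr { const char *name; const char *value; };
/* Returns the attribute value, or NULL when the sender omitted it. */
static const char *attr_get(const struct attr *a, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].name, name) == 0)
            return a[i].value;
    return NULL;
}

/* Hypothetical schema, not Pacemaker code; "agent" is an assumed name. */
static const char *const register_required[] = { "id", "agent", NULL };

/* Returns NULL if the message is complete, else the first missing attribute. */
const char *first_missing(const struct attr *a, size_t n, const char *const *req)
{
    for (; *req != NULL; req++) {
        const char *v = attr_get(a, n, *req);
        if (v == NULL || *v == '\0')
            return *req;
    }
    return NULL;
}

/* Rejects a malformed request with -EINVAL instead of dereferencing NULL. */
int handle_register(const struct attr *a, size_t n, char *out, size_t outlen)
{
    const char *missing = first_missing(a, n, register_required);
    if (missing != NULL) {
        snprintf(out, outlen, "missing required attribute '%s'", missing);
        return -EINVAL;
    }
    snprintf(out, outlen, "%s:%s", attr_get(a, n, "agent"), attr_get(a, n, "id"));
    return 0;
}

/* Constructed input mirroring the message above: id and origin, no agent. */
static const struct attr no_agent[] = {
    { "id", "whatever" }, { "st_origin", "create_device_registration_xml" } };

int main(void)
{
    char msg[64];
    int rc = handle_register(no_agent, 2, msg, sizeof msg);
    return printf("rc=%d %s\n", rc, msg) < 0;
}
```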

Details

Provenance
Jan Pokorný <jpokorny@redhat.com>
Authored on Oct 12 2018, 9:27 AM
Parents
rP5622a89f2bc4: Merge pull request #1619 from clumens/getopt
Branches
Unknown
Tags
Unknown
