While the current approach for garbage collection in the 6Lo reassembly
buffer is good for best-effort handling of
*fragmented* packets and nicely RAM saving, it has the problem that
incomplete, huge datagrams can basically DoS a node, if no further
fragmented datagram is received for a while (since the packet buffer is
full and GC is not triggered).

This change adds a asynchronous GC (utilizing the existing
functionality) to the reassembly buffer, so that even if there is no new
fragmented packet received, fragments older than `RBUF_TIMEOUT` will be
removed from the reassembly buffer, freeing up the otherwise wasted
packet buffer space.

Without this fix the listener doesn't actually listen on the
(potentially) ephemeral port introduced in #9382, but on port 0 which is
wrong.

Since IPHC also manipulates the total number of bytes of a received
datagram (by decompressing it), this also needs to be exposed. I guess
I was too focused on introducing a *generic* packet buffer for a future
virtual reassembly buffer (where it isn't needed, but so isn't `pkt` to
be honest), that I totally forgot about it in #9352.

This fixes an alignment issue I encountered in the static version of
the packet buffer.

The bug is caused by a race-condition where a certain order of
operations leads to a chunk being released according to the
byte-alignment of the platform, but overlapping potential space for
a future `_unused_t` struct e.g. (x mark allocated regions):

                    Future leak of size sizeof(_unused_t)       Time
                    v                                            |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+--+--+--------------------+                    |
    |               |xxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+--+--+--------------------+                    |
                                                                 |
    +-----+------+--+--+--------------------+                    |
    |xxxxx|         |xxxxxxxxxxxxxxxxxxxxxxx|                    +
    +-----+------+--+--+--------------------+                    |
                                                                 |
    +-----+------+-----+---------+----------+                    |
    |xxxxx|                      |xxxxxxxxxx|                    +
    +-----+------+-----+---------+----------+                    |
                                                                 |
    +-----+------+-----+--------------------+                    |
    |xxxxx|      |xxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +-----+------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxx|                    |                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |            |xxxxx|                    |                    +
    +------------+-----+--------------------+                    |
                                                                 v

Sadly, I wasn't able to create a reproducable unittest that show-cases
this corner-case, since I don't understand the order of operations that
cause this one 100%, but the bug is reproducable (but also not
reliably) by sending large (i.e. fragmented) packets to a 6Lo-enabled
host from more than 1 host simultaneously (use `gnrc_pktbuf_cmd` to
check).

By making the size of `_unused_t` the only condition for alignment,
this bug is fixed.

This refactors the `gnrc_sixlowpan_frag` module for the API proposed
in #8511.

The `ctx` for `gnrc_sixlowpan_frag_send()` is required to be a
`gnrc_sixlowpan_msg_frag_t` object, so IPHC can later on use it to
provide the *original* datagram size (otherwise, we would need to adapt
the API just for that, which seems to me as convoluted as this
proposal).

I also provide an expose function with a future possibility to provide
more than just one `gnrc_sixlowpan_msg_frag_t` object later on (plus
having cleaner module separation in general).

Without this fix RPL might crash when the packet buffer is full.

While working on #9352 I noticed that the order of members in the
`gnrc_sixlowpan_msg_frag_t` struct costs us 4 bytes in RAM due to byte
alignment. This PR fixes the order of members, so they are the most
packed.

This exposes the parts of the reassembly buffer to be usable as context
as proposed in #8511.

I only exposed *parts of* for two reasons:

1. I don't need to expose further types (like `rbuf_int_t`), that are
   not of interest outside of fragmentation.
2. This allows for an easy future extension for the virtual reassembly
   buffer as proposed in [[1]].

This makes this change a little bit more involved, because instead of
just renaming the type, I also need to add the usage of the `super`
member, but I think in the end this little preparation work will be
beneficial in the future.

[1]: https://tools.ietf.org/html/draft-watteyne-6lo-minimal-fragment-01#section-3

`GNRC_IPV6_NIB_RTR_TIMEOUT` [expects a default router entry][doc] as
context, so using the `netif` here is clearly wrong. This causes the
hardfault described in #9297.

[doc]: http://doc.riot-os.org/group__net__gnrc__ipv6__nib.html#ga1c7e892ef6533f699c4e64737c2847c2

Otherwise, it may happen that `::` or a global address is chosen by
the IPv6 header fill function. Both types of addresses are
[not valid for RAs](https://tools.ietf.org/html/rfc4861#section-4.2)

Parts of [RFC4862] were already implemented when NDP via the NIB was
first implemented. This change just includes the DAD portion of
[RFC4862]. This should be enough to make RIOT fully RFC4862 compliant.

[RFC4862]: https://tools.ietf.org/html/rfc4862

Currently, `gnrc_pktdump` only prints the header part of a snip.
However, if the snip wasn't parsed yet by the corresponding GNRC
module (or the module doesn't exist because the node is e.g. just a
forwarder), additional data might not be printed.

This makes it hard to analyze the data properly (sometimes you not only
want to know where the IPv6 packet is supposed to go, you also want to
know what's in it). So this just prints the rest of the snip as a hex
dump.

The "new" forwarding table does not update an old route but just adds
another as long as it is not *exactly* the same. However, the RPL
adaptation missed to remove the old route so RPL got easily confused
about where it actually needed to send packets.

RFC 2460 was obsoleted by RFC 8200. This PR changes the references
around, so we don't reference an obsoleted RFC ;-).

Also I'm moving these references from the old-style HTML-like format
to the newer-style Markdown-like format.

Without this commit it doesn't build because addr_str isn't defined when
ENABLE_DEBUG is not set.

This issue was introduced in: c001e14f

If the payload length is zero and the next header field is not set to
NONXT, GNRC will interpret the current header as the payload because the
first snip is always interpreted as the payload. This can lead to loops
and or crashes.

When the payload length of an encapsulated IPv6 packet is 0, the
`_receive` function of IPv6 can be given a NULL pointer, causing the
IPv6 header checker to crash because of a NULL pointer dereference.