Fix crash in HFP client's +COPS parsing code.
If the Audio Gateway sends a malformed +COPS message (an operator name > 16 characters) then the %n in the sscanf format specifier is ignored and sscanf will not assign a value to the appropriate argument. In such a case, the existing code will perform pointer arithmetic using an uninitialized stack variable as an offset which may result in pointing to an invalid memory address. When that memory is subsequently dereferenced, we observe a crash. This change ensures that the stack does not crash even if an invalid +COPS message is sent from the Audio Gateway.

Bug: 24871011
Change-Id: I9bb42c75bcd90487831fc6950c571c87098559e7
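The sscanf behaviour the commit message describes, as an added example that is not the Bluetooth stack's own parser: the format string, the OPSTR_MAX bound, the sentinel value and the +COPS sample messages are all constructed here to illustrate the point. A %n directive is only assigned when scanning reaches it, and scanning stops at the first directive that fails to match; with "%16[^\"]" an operator name longer than 16 characters leaves the closing quote unmatched, so the %n after it never runs and the offset variable keeps whatever it held before the call. The hardened parse initialises the offset and validates it before it may be used to advance the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not the Bluetooth stack's own code. */

#define OPSTR_MAX 16
#define OFFSET_UNSET (-1)  /* sentinel: stays in place if %n never executes */

/* Returns 1 if sscanf assigned the %n offset for this message, 0 if it
 * did not. Code that uses the offset for pointer arithmetic without such
 * a check indexes with whatever the stack slot happened to contain. */
int cops_offset_assigned(const char *buf)
{
    int mode = 0;
    char opstr[OPSTR_MAX + 1];
    int offset = OFFSET_UNSET;

    (void)sscanf(buf, "+COPS: %d,0,\"%16[^\"]\"%n", &mode, opstr, &offset);
    return offset != OFFSET_UNSET;
}

/* Hardened parse: fills *mode and opstr and returns the number of bytes
 * consumed, or -1 for a malformed message. The offset is initialised and
 * range-checked before the caller is allowed to advance by it. */
int parse_cops(const char *buf, int *mode, char opstr[OPSTR_MAX + 1])
{
    int offset = OFFSET_UNSET;
    int res;

    opstr[0] = '\0';
    res = sscanf(buf, "+COPS: %d,0,\"%16[^\"]\"%n", mode, opstr, &offset);

    /* res counts only the two value conversions; %n is never counted.
     * An overlong name gives res == 2 with the closing quote unmatched,
     * so offset is still the sentinel: exactly the case the unchecked
     * code fell over. */
    if (res < 2 || offset <= 0 || offset > (int)strlen(buf))
        return -1;
    return offset;
}

int main(void)
{
    /* Constructed sample messages: a valid one and an overlong operator name. */
    const char *ok  = "+COPS: 0,0,\"Carrier\"";
    const char *bad = "+COPS: 0,0,\"ThisOperatorNameIsTooLong\"";
    int mode;
    char opstr[OPSTR_MAX + 1];
    int n;

    n = parse_cops(ok, &mode, opstr);
    printf("ok : consumed=%d mode=%d op=\"%s\"\n", n, mode, opstr);

    n = parse_cops(bad, &mode, opstr);
    printf("bad: consumed=%d (%%n %s)\n", n,
           cops_offset_assigned(bad) ? "assigned" : "never reached");
    return 0;
}
```

The check on the return value of sscanf alone is not enough: it reports 2 successful conversions for the overlong message, so only the initialised offset reveals that the %n directive was skipped.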