Use correct answerbox to answer IPC_M_PHONE_HUNGUP in kbox thread

Use correct answerbox to answer IPC_M_PHONE_HUNGUP in kbox thread

When ipc_kbox_cleanup() slams the phones connected to the kbox, it
requests answerbox notification. To that end,
ipc_answerbox_slam_phones() allocates a new IPC_M_PHONE_HUNGUP call per
each slammed phone and sends it directly to its own kbox. The allocation
of the call structure happens in the context of the debugee, not the
debugger, so call->callerbox is wrong because it is initialized with
&TASK->answerbox. This causes confusion in _ipc_answer_free_call()
invoked from kbox_proc_phone_hungup(), which picks a wrong answerbox for
the answer. The debugger, in turn, never sees the call answered and
lingers in its own ipc_cleanup() forever.

We correct this by allowing call->callerbox to be NULL, in which case
_ipc_answer_free_call() will use call->sender->answerbox instead.