Remove _Nonnull attributes from user addresses arguments for

copyout(9) family.

The addresses are user-controllable, and if the process ABI allows
mapping at zero, then the zero address is meaningful, contradicting
the definition of _Nonnull.  In any case, it does not require any
special code to handle NULL udaddr.

It is not clear if __restrict makes sense as well, since kaddr and
udaddr point to different address spaces, so equal numeric values of
the pointers do not imply aliasing and a legitimate.  But leave it for
later.

copyinstr(9) does not have its user address argument annotated.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

sys/sys/systm.h

@@ -277,14 +277,14 @@ int	copystr(const void * _Nonnull __restrict kfaddr,
 int	copyinstr(const void * __restrict udaddr,
 	    void * _Nonnull __restrict kaddr, size_t len,
 	    size_t * __restrict lencopied);
-int	copyin(const void * _Nonnull __restrict udaddr,
+int	copyin(const void * __restrict udaddr,
 	    void * _Nonnull __restrict kaddr, size_t len);
-int	copyin_nofault(const void * _Nonnull __restrict udaddr,
+int	copyin_nofault(const void * __restrict udaddr,
 	    void * _Nonnull __restrict kaddr, size_t len);
 int	copyout(const void * _Nonnull __restrict kaddr,
-	    void * _Nonnull __restrict udaddr, size_t len);
+	    void * __restrict udaddr, size_t len);
 int	copyout_nofault(const void * _Nonnull __restrict kaddr,
-	    void * _Nonnull __restrict udaddr, size_t len);
+	    void * __restrict udaddr, size_t len);
 
 int	fubyte(volatile const void *base);
 long	fuword(volatile const void *base);