Add missing expire_timer_context in ssh2_transport_free.

This should have been moved over from the main ssh_free function back
when I did the original splitting-up of ssh.c: the transport layer
schedules a timer for rekeying (and also for GSSAPI credential
checks), so when it's freed, it needs to ensure the timer doesn't get
called anyway on a stale pointer.

Two users reported this in the form of an assertion failure in
conf_get_int (when ssh2_transport_timer asks for CONF_ssh_rekey_time,
if the tree234 call inside conf_get_int is confused by the contents of
the freed memory into returning failure). In other circumstances (if
the freed memory has different contents) it manifests as a segfault,
but it's the same underlying bug either way.

ssh2transport.c

@@ -215,6 +215,8 @@ static void ssh2_transport_free(PacketProtocolLayer *ppl)
     strbuf_free(s->outgoing_kexinit);
     strbuf_free(s->incoming_kexinit);
     ssh_transient_hostkey_cache_free(s->thc);
+
+    expire_timer_context(s);
     sfree(s);
 }