device: fix races from changing private_key

Access keypair.sendNonce atomically.
Eliminate one unnecessary initialization to zero.

Mutate handshake.lastSentHandshake with the mutex held.

Co-authored-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>

device/send.go

@@ -403,7 +403,7 @@ NextPacket:
 				// check validity of newest key pair
 
 				keypair = peer.keypairs.Current()
-				if keypair != nil && keypair.sendNonce < RejectAfterMessages {
+				if keypair != nil && atomic.LoadUint64(&keypair.sendNonce) < RejectAfterMessages {
 					if time.Since(keypair.created) < RejectAfterTime {
 						break
 					}