bus: Make setting/replacing/clearing the sync handler thread-safe
Previously we would use the object lock only for storing the sync handler and its user_data in a local variable, then unlock it and only then call the sync handler. Between unlocking and calling the sync handler it might be unset and the user_data be freed, causing it to be called with a freed pointer.
To prevent this add a refcounting wrapper struct around the sync handler, hold the object lock while retrieving it and increasing the reference count and only actually free it once the reference count reaches zero.
As a side-effect we can now also allow to actually replace the sync handler. Previously it was only allowed to clear it after initially setting it according to the docs, but the code still allowed to clear it and then set a different one.
Fixes #506 (closed)