loader-protocol: NULL output variable in load_image on failure

Ensure we don't leave the image protocol installed if there
is a failure (e.g.: security violation) in the return
variable that the user gave us

Follow-up for 774f226

Author: bluca

loader-proto.c

@@ -328,6 +328,13 @@ shim_load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle,
 	return EFI_SUCCESS;
 
 free_alloc:
+	BS->UninstallMultipleProtocolInterfaces(ImageHandle,
+	                                &SHIM_LOADED_IMAGE_GUID, image,
+	                                &EFI_LOADED_IMAGE_GUID, &image->li,
+	                                &gEfiLoadedImageDevicePathProtocolGuid,
+					image->loaded_image_device_path,
+					NULL);
+	*ImageHandle = NULL;
 	free_pages_alloc_image(image);
 free_image:
 	if (image->loaded_image_device_path)