SecurityPkg: Measure Invoke EBS even in failure case
Description
This patch measures the ExitBootServices invocation to the TPM even in the case of ExitBootServices failing, per TCG PC Client Platform Firmware Profile Version 1.06 Revision 52 Family 2.0 section 8.2.4(i): https://trustedcomputinggroup.org/wp-content/uploads/TCG-PC-Client-Platform-Firmware-Profile-Version-1.06-Revision-52_pub-2.pdf, which reads:
> If ExitBootServices() is invoked, then an EV_EFI_ACTION event “Exit Boot Services Invocation” MUST
> be measured. The return value of ExitBootServices() MUST be reflected in a measured event, into
> PCR[5], as either “Exit Boot Services Returned with Failure” or “Exit Boot Services Returned with
> Success”, depending upon the return code from the ExitBootServices() call.
Currently edk2 only measures the invocation of ExitBootServices in the success case, which is not in line with the TCG spec.
Resolved bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2753.
- [ ] Breaking change?
  - Breaking change - Does this PR cause a break in build or boot behavior?
  - Examples: Does it add a new library class or move a module to a different repo.
- [ ] Impacts security?
  - Security - Does this PR have a direct security impact?
  - Examples: Crypto algorithm change or buffer overflow fix.
- [ ] Includes tests?
  - Tests - Does this PR include any explicit test code?
  - Examples: Unit tests or integration tests.
How This Was Tested
Booted on many different physical and virtual platforms that have been shipping for years.
Integration Instructions
N/A.
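A C model of the measurement sequence the quoted spec text requires, added here as an example; it is not code from this PR or from edk2's Tcg2Dxe. A mock event log stands in for the real PCR extend, MockExitBootServices fails when handed a stale memory-map key (a constructed scenario), and the status codes, type names and function signatures are simplified assumptions rather than edk2's. It places the conformant wrapper beside the pre-patch behaviour the description names, so a failed ExitBootServices shows why PCR[5] stays silent in the old flow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified status codes; real UEFI error codes set the high bit (constructed). */
typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS            0
#define EFI_INVALID_PARAMETER  2
#define EFI_OUT_OF_RESOURCES   9

#define PCR_INDEX_EBS  5            /* PCR[5], per TCG PFP section 8.2.4 */
#define EV_EFI_ACTION  0x00000005   /* EV_EFI_ACTION event type from the TCG PFP */
#define MAX_EVENTS     8

typedef struct {
  uint32_t PcrIndex;
  uint32_t EventType;
  char     Action[64];
} MEASURED_EVENT;

typedef struct {
  MEASURED_EVENT Events[MAX_EVENTS];
  size_t         Count;
} EVENT_LOG;

/* Mock of "extend the PCR and append to the event log"; stands in for the TPM. */
static EFI_STATUS MeasureAction (EVENT_LOG *Log, const char *Action)
{
  if (Log->Count >= MAX_EVENTS) {
    return EFI_OUT_OF_RESOURCES;
  }
  MEASURED_EVENT *E = &Log->Events[Log->Count++];
  E->PcrIndex  = PCR_INDEX_EBS;
  E->EventType = EV_EFI_ACTION;
  snprintf (E->Action, sizeof (E->Action), "%s", Action);
  return EFI_SUCCESS;
}

/* Mock ExitBootServices: fails when the caller passes a stale memory-map key. */
static EFI_STATUS MockExitBootServices (uintptr_t MapKey, uintptr_t CurrentKey)
{
  return (MapKey == CurrentKey) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
}

/* Spec-conformant sequence: measure the invocation unconditionally, then
   measure whichever outcome matches the return code. */
EFI_STATUS MeasuredExitBootServices (EVENT_LOG *Log, uintptr_t MapKey, uintptr_t CurrentKey)
{
  MeasureAction (Log, "Exit Boot Services Invocation");
  EFI_STATUS Status = MockExitBootServices (MapKey, CurrentKey);
  if (Status == EFI_SUCCESS) {
    MeasureAction (Log, "Exit Boot Services Returned with Success");
  } else {
    MeasureAction (Log, "Exit Boot Services Returned with Failure");
  }
  return Status;
}

/* Pre-patch behaviour named in the PR description: nothing is measured unless
   ExitBootServices succeeds, so a failed call leaves no trace in PCR[5]. */
EFI_STATUS LegacyExitBootServices (EVENT_LOG *Log, uintptr_t MapKey, uintptr_t CurrentKey)
{
  EFI_STATUS Status = MockExitBootServices (MapKey, CurrentKey);
  if (Status == EFI_SUCCESS) {
    MeasureAction (Log, "Exit Boot Services Invocation");
    MeasureAction (Log, "Exit Boot Services Returned with Success");
  }
  return Status;
}

/* Runs one scenario into Log and returns the number of PCR[5] events produced.
   Spec selects the conformant wrapper; StaleKey forces ExitBootServices to fail. */
size_t RunScenario (bool Spec, bool StaleKey, EVENT_LOG *Log)
{
  const uintptr_t CurrentKey = 0x1234;                    /* constructed */
  uintptr_t       MapKey     = StaleKey ? 0x1111 : CurrentKey;
  memset (Log, 0, sizeof (*Log));
  if (Spec) {
    MeasuredExitBootServices (Log, MapKey, CurrentKey);
  } else {
    LegacyExitBootServices (Log, MapKey, CurrentKey);
  }
  return Log->Count;
}

size_t ScenarioEventCount (bool Spec, bool StaleKey)
{
  EVENT_LOG Log;
  return RunScenario (Spec, StaleKey, &Log);
}

/* True when the scenario's log is exactly the invocation event followed by Outcome,
   both recorded as EV_EFI_ACTION in PCR[5], which is what an attester would check. */
bool ScenarioMatches (bool Spec, bool StaleKey, const char *Outcome)
{
  EVENT_LOG Log;
  RunScenario (Spec, StaleKey, &Log);
  return Log.Count == 2
      && Log.Events[0].PcrIndex == PCR_INDEX_EBS
      && Log.Events[0].EventType == EV_EFI_ACTION
      && strcmp (Log.Events[0].Action, "Exit Boot Services Invocation") == 0
      && Log.Events[1].PcrIndex == PCR_INDEX_EBS
      && Log.Events[1].EventType == EV_EFI_ACTION
      && strcmp (Log.Events[1].Action, Outcome) == 0;
}

int main (void)
{
  EVENT_LOG Log;
  RunScenario (true, true, &Log);
  for (size_t i = 0; i < Log.Count; i++) {
    printf ("PCR[%u] 0x%08x \"%s\"\n", (unsigned) Log.Events[i].PcrIndex,
            (unsigned) Log.Events[i].EventType, Log.Events[i].Action);
  }
  printf ("legacy wrapper, failed EBS: %zu events\n", RunScenario (false, true, &Log));
  return 0;
}
```

From the verifier's side this is the whole point of the change: with the invocation measured before the call, a PCR[5] log that ends in the failure event tells an attester that ExitBootServices was attempted and rejected, whereas the legacy flow makes a failed call indistinguishable from one that was never made.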
@jyao1 and @rahul1-kumar, gentle ping to please review.
@jyao1 and @rahul1-kumar, pinging again to review, please. This was opened prior to soft freeze and fixes a spec-breaking issue; can you please review in time for the stable tag?
@jyao1 @rahul1-kumar can you please review?
@mdkinney, can you help review this PR? It has been sitting for a couple weeks.