efi/preinstall: Check that TPM's platform hierarchy is disabled or has an authorization value #452

@chrisccoulson

Description

The TPM's platform hierarchy is under the control of the platform firmware. Before executing any third-party code, the platform firmware should prevent use of the platform hierarchy by the OS, by doing one of the following:

  • Set the authorization value for the platform hierarchy to a random value with TPM2_HierarchyChangeAuth
  • Disable the platform hierarchy with TPM2_HierarchyControl

These are both reset on the next TPM restart or reset.

The pre-install checks should test for this and return an appropriate error if the platform firmware is not behaving as expected.
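One way to structure that check, as an added example that is not secboot's own code and does not use its go-tpm2 bindings: the platform hierarchy state comes from the TPMA_STARTUP_CLEAR attributes (the TPM_PT_STARTUP_CLEAR property read with TPM2_GetCapability; bit layout per the TPM 2.0 Library Specification, Part 2), and whether platformAuth is still empty can only be learned by trying one platform-authorized command with the empty auth value. That attempt is represented here by a hypothetical PlatformAuthProbe hook so the decision logic runs without a TPM; the sample values in main are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Bits of TPMA_STARTUP_CLEAR, the value returned for the TPM_PT_STARTUP_CLEAR
// property by TPM2_GetCapability (TPM 2.0 Library Specification, Part 2).
// These attributes are cleared on every TPM Reset, which is why the firmware
// has to re-apply its protection on each boot.
const (
	AttrPhEnable   uint32 = 1 << 0  // platform hierarchy enabled
	AttrShEnable   uint32 = 1 << 1  // storage (owner) hierarchy enabled
	AttrEhEnable   uint32 = 1 << 2  // endorsement hierarchy enabled
	AttrPhEnableNV uint32 = 1 << 3  // platform-owned NV indices enabled
	AttrOrderly    uint32 = 1 << 31 // last shutdown was orderly
)

// ErrPlatformHierarchyUnprotected is returned when the platform hierarchy is
// still enabled and the empty authorization value is accepted for it, i.e. the
// firmware used neither TPM2_HierarchyControl nor TPM2_HierarchyChangeAuth.
var ErrPlatformHierarchyUnprotected = errors.New(
	"platform hierarchy is enabled and has an empty authorization value")

// PlatformAuthProbe is a hypothetical hook (not a secboot API): it attempts one
// command that is authorized by platformAuth, supplying the empty auth value,
// and reports whether the TPM accepted it. A TPM whose platformAuth was set to
// a random value rejects the attempt with TPM_RC_BAD_AUTH. A hook is used so
// the decision logic below can run without TPM hardware.
type PlatformAuthProbe func() (accepted bool, err error)

// CheckPlatformHierarchy implements the pre-install check described in the
// issue. startupClear is the TPMA_STARTUP_CLEAR value read from the TPM.
func CheckPlatformHierarchy(startupClear uint32, probe PlatformAuthProbe) error {
	if startupClear&AttrPhEnable == 0 {
		// Firmware disabled the hierarchy with TPM2_HierarchyControl; the OS
		// cannot re-enable it until the next TPM Reset.
		return nil
	}
	accepted, err := probe()
	if err != nil {
		// Transport or TPM error: report it rather than guessing either way.
		return fmt.Errorf("cannot probe platform authorization: %w", err)
	}
	if accepted {
		return ErrPlatformHierarchyUnprotected
	}
	// Enabled, but platformAuth was changed with TPM2_HierarchyChangeAuth.
	return nil
}

func main() {
	// Constructed sample: every hierarchy enabled after an orderly shutdown.
	sample := AttrPhEnable | AttrShEnable | AttrEhEnable | AttrPhEnableNV | AttrOrderly
	// Constructed probe result standing in for a TPM that accepted empty auth.
	err := CheckPlatformHierarchy(sample, func() (bool, error) { return true, nil })
	fmt.Println("check result:", err)
}
```

The probe result and the enable bit are kept as separate inputs on purpose: a firmware that only changes platformAuth leaves phEnable set, so a check that looked at TPMA_STARTUP_CLEAR alone would wrongly fail it, while a check that only probed the auth value would wrongly fail on a TPM whose hierarchy is disabled (the probe cannot be authorized at all in that state).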

Metadata

Labels: preinstall-checks (Related to the EFI preinstall checks in secboot)