25fcbda shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle (40000001)" warning

2 files. Authored by vittyvk a year ago, committed by zbyszek a year ago.
    shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle (40000001)" warning
    
    systemd-cryptenroll complains (but succeeds!) upon binding to a signed PCR
    policy:
    
    $ systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto \
      --tpm2-public-key=... --tpm2-signature=... /tmp/tmp.img
    
    ERROR:esys:src/tss2-esys/esys_iutil.c:394:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (40000001).
    WARNING:esys:src/tss2-esys/esys_iutil.c:415:iesys_is_platform_handle() Convert handle from TPM2_RH to ESYS_TR, got: 0x40000001
    ERROR:esys:src/tss2-esys/esys_iutil.c:394:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (40000001).
    WARNING:esys:src/tss2-esys/esys_iutil.c:415:iesys_is_platform_handle() Convert handle from TPM2_RH to ESYS_TR, got: 0x4000000
    New TPM2 token enrolled as key slot 1.
    
    The problem seems to be that the Esys_LoadExternal() function from tpm2-tss
    expects an 'ESYS_TR_RH*' constant specifying the requested hierarchy and not
    a 'TPM2_RH_*' one (see Esys_LoadExternal() -> Esys_LoadExternal_Async() ->
    iesys_handle_to_tpm_handle() call chain).
    
    It all works because Esys_LoadExternal_Async() falls back to using the
    supplied values when iesys_handle_to_tpm_handle() fails:
    
        r = iesys_handle_to_tpm_handle(hierarchy, &tpm_hierarchy);
        if (r != TSS2_RC_SUCCESS) {
            ...
            tpm_hierarchy = hierarchy;
        }
    
    Note: TPM2_RH_OWNER was used on purpose to support older tpm2-tss versions
    (pre https://github.com/tpm2-software/tpm2-tss/pull/1531); use meson magic
    to preserve compatibility.
    
    Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
    (cherry picked from commit 155c51293d5bf37f54c65fd0a66ea29e6eedd580)
    
        
file modified
+3 -0
file modified
+6 -0
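
The handle mix-up described in the commit message, as an added, simplified model (not code from systemd or tpm2-tss). All MODEL_/model_ names are hypothetical stand-ins; the constant values are assumed to mirror the tpm2-tss headers, and whatever the "..." in the quoted fallback elides is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed header values; 0x40000001 is the handle shown in the log above. */
#define MODEL_TPM2_RH_OWNER          0x40000001u /* TPM handle namespace */
#define MODEL_TPM2_RH_NULL           0x40000007u
#define MODEL_TPM2_RH_ENDORSEMENT    0x4000000Bu
#define MODEL_ESYS_TR_RH_OWNER       0x101u      /* ESAPI (ESYS_TR) namespace */
#define MODEL_ESYS_TR_RH_NULL        0x107u
#define MODEL_ESYS_TR_RH_ENDORSEMENT 0x10Bu

/* Stand-in for iesys_handle_to_tpm_handle(): 0 on success, -1 if the
 * argument is not a known ESYS_TR hierarchy constant. */
static int model_esys_to_tpm(uint32_t esys, uint32_t *tpm) {
    switch (esys) {
    case MODEL_ESYS_TR_RH_OWNER:       *tpm = MODEL_TPM2_RH_OWNER;       return 0;
    case MODEL_ESYS_TR_RH_NULL:        *tpm = MODEL_TPM2_RH_NULL;        return 0;
    case MODEL_ESYS_TR_RH_ENDORSEMENT: *tpm = MODEL_TPM2_RH_ENDORSEMENT; return 0;
    default:                           return -1;
    }
}

/* Stand-in for the fallback quoted in the commit message: when conversion
 * fails, the supplied value is used as the TPM hierarchy unchanged. */
static uint32_t model_resolve_hierarchy(uint32_t hierarchy, int *fell_back) {
    uint32_t tpm_hierarchy;
    *fell_back = 0;
    if (model_esys_to_tpm(hierarchy, &tpm_hierarchy) != 0) {
        *fell_back = 1;            /* the point where the ERROR/WARNING appears */
        tpm_hierarchy = hierarchy;
    }
    return tpm_hierarchy;
}

/* Caller-side check: a top byte of 0x40 marks a TPM permanent handle
 * (TPM2_RH_*), the wrong namespace for an ESYS_TR parameter. */
static int model_is_tpm_permanent_handle(uint32_t h) { return (h >> 24) == 0x40u; }

int main(void) {
    uint32_t args[] = { MODEL_ESYS_TR_RH_OWNER, MODEL_TPM2_RH_OWNER };
    for (int i = 0; i < 2; i++) {
        int fb;
        uint32_t used = model_resolve_hierarchy(args[i], &fb);
        printf("arg=0x%08x used=0x%08x fallback=%d wrong_namespace=%d\n",
               (unsigned)args[i], (unsigned)used, fb,
               model_is_tpm_permanent_handle(args[i]));
    }
    return 0;
}
```

Both arguments resolve to the same TPM hierarchy, which is why enrollment succeeds; only the TPM2_RH_* argument takes the fallback path that produces the log noise.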