bootutil: Fix memory leak in HKDF implementation

The bootutil_hmac_sha256_set_key routine performs some dynamic memory
allocations when mbedTLS is used. To properly free the allocated memory,
bootutil_hmac_sha256_drop must be called before reinitializing the HMAC
context using bootutil_hmac_sha256_init.  However, in the hkdf routine,
the HMAC context was freed only once even though it was initialized
multiple times.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>