
secure boot v2: Fix crash if signature verification fails in app

sha_handle is "finished" when verify_secure_boot_signature() returns and
should be nulled out.

Alternative version of fix submitted in https://github.com/espressif/esp-idf/pull/6210

Closes https://github.com/espressif/esp-idf/pull/6210

Signed-off-by: Angus Gratton <angus@espressif.com>
Morozov-5F 5 years ago
Parent
Commit
0e4f43ddde
1 changed file with 1 addition and 0 deletions

+ 1 - 0
components/bootloader_support/src/esp_image_format.c

@@ -229,6 +229,7 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
             if (true) {
 #endif // end checking for JTAG
                 err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
+                sha_handle = NULL; // verify_secure_boot_signature finishes sha_handle
             }
 #else // SECURE_BOOT_CHECK_SIGNATURE
             // No secure boot, but SHA-256 can be appended for basic corruption detection
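
Review bot: The ownership rule this fix relies on is recorded only in the trailing comment on the added "sha_handle = NULL;" line, at the call site. Because the assignment is unconditional and ignores err, it is correct only if verify_secure_boot_signature() finishes sha_handle on every return path, including early failures. Please confirm that and state it in the function's own header comment, so another caller does not reuse a finished handle. Passing the handle by pointer and clearing it inside the function would enforce the same rule without depending on each caller to remember it.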