libxl: fix error handling (xenstore transaction leak) in libxl__domain_make

libxl: fix error handling (xenstore transaction leak) in libxl__domain_make

libxl__domain_make could under some circumstances leak the xenstore
transaction (stored in the variable t).  Also, failures to commit the
xenstore transaction for reasons other than EAGAIN would be ignored (!)

Fix this as follows:

  * Initialise t to 0 (not a valid transaction id), and when the
    transaction is successfully committed or rolled back, reset it.

  * Change all the instances of:       libxl__free_all(&gc); return error;
    to instead do:                     rc=error;  goto out;

  * Use the out stanza for exiting, setting rc=0 on success first.

  * Explicitly abort the transaction in the out stanza.

Also add a note by the calls manipulating the gc, to note that as this
is an internal function, the gc should really be set up and destroyed
by its caller.  But let's not do that at this stage of the 4.1 release
cycle.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>