selinux: ensure we cleanup the internal AVC counters on error in avc_insert()

Fix avc_insert() to call avc_node_kill() if we've already allocated
an AVC node and the code fails to insert the node in the cache.

Fixes: fa1aa143 ("selinux: extended permissions for ioctls")
Reported-by:  <rsiddoji@codeaurora.org>
Suggested-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>