MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier

The 3rd party image should be loaded after EndOfDxe event signal and
DxeSmmReadyToLock protocol installation. But non-SMM platform doesn't
published DxeSmmReadyToLock protocol.
So the SecurityStubDxe can only depend on EndOfDxe event.

This patch enhances the SecurityStubDxe to listen on
DxeSmmReadyToLock protocol installation and if any 3rd party image
is loaded before DxeSmmReadyToLock, it reports failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>

MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h

@@ -15,16 +15,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_
 #define _DEFER_3RD_PARTY_IMAGE_LOAD_H_
 
-#include <Uefi.h>
+#include <PiDxe.h>
 #include <Guid/EventGroup.h>
 #include <Protocol/DeferredImageLoad.h>
 #include <Protocol/FirmwareVolume2.h>
+#include <Protocol/DxeSmmReadyToLock.h>
 
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/DebugLib.h>
+#include <Library/UefiLib.h>
+#include <Library/ReportStatusCodeLib.h>
 
 /**
   Returns information about a deferred image.