msm: mhi_dev: Avoiding double free in MHI UCI layer

In mhi_uci_ctrl_set_tiocm(), the control message is submitted to MHI/IPA
using mhi_uci_send_packet(). Device waits for completion after this. If
the wait is interrupted or is timed out, control message buffer is freed
using kfree(). But as the message is already sent, write completion
callback is invoked after buffer is freed and same pointer is being
freed again.

To avoid this double free issue, removing kfree() in
mhi_uci_ctrl_set_tiocm(). Once sending of the message is completed,
buffer is freed as part of the write completion callback.

Change-Id: I6e33ce46fc5506ac45256102221fafb08050a5b5
Signed-off-by: Sai Chaitanya Kaveti <quic_skaveti@quicinc.com>