MdeModulePkg/Variable: Avoid double VA conversion of FVB protocol

For historical reasons, VariableRuntimeDxe performs virtual address
conversion on the FVB protocol member pointers of the protocol instance
that backs the EFI variable store. However, the driver that produces the
actual instance should be doing this, as it is the owner and provides
the actual implementation of those methods.

Unfortunately, we cannot simply remove this: existing FVB drivers may
rely on the Variable driver performing the conversion on their behalf.
So the Variable driver should convert the pointers only when the FVB
producer has not already done so.

The SetVirtualAddressMap event can be delivered in arbitrary order, so
we cannot rely on whether this driver converts its pointers before or
after the FVB protocol owner receives the event.

Fix this by recording the converted addresses in a shadow FVB protocol
rather than converting the live pointers directly. On the first runtime
variable access, check whether the FVB producer has performed its own
conversion; if not, swap in the shadow copy's converted pointers.

Without this fix, platforms where the FVB producer performs its own
SetVirtualAddressMap conversion (e.g., OP-TEE StandaloneMm-backed
EepromFvb on NXP LX2160A) suffer double pointer conversion, causing
runtime variable access to crash.

Signed-off-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Tested-by: Liz Fong-Jones <lizf@honeycomb.io>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
1 file changed
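The shadow-copy scheme the commit describes, as an added C model that is not EDK2's code: FvbProtocol, ConvertPointer, VA_OFFSET and the physical addresses are constructed stand-ins for the real protocol and gRT->ConvertPointer(). It shows that whether or not the FVB producer converts its own pointers, and in whichever order the two SetVirtualAddressMap handlers run, the Variable driver ends up calling through exactly one conversion.

```c
#include <stdint.h>
#include <stdbool.h>

/* Stand-in for EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL; method pointers are plain addresses here. */
typedef struct { uintptr_t GetAttributes; uintptr_t Read; } FvbProtocol;

/* Constructed mapping virtual = physical + VA_OFFSET, standing in for gRT->ConvertPointer(). */
#define VA_OFFSET 0x40000000u
static uintptr_t ConvertPointer(uintptr_t p) { return p + VA_OFFSET; }
static FvbProtocol LiveFvb;    /* instance published by the FVB producer */
static FvbProtocol ShadowFvb;  /* Variable driver's private converted copy */
static FvbProtocol PhysFvb;    /* unconverted snapshot: "did the producer convert?" reference */
static bool RuntimeChecked;
/* Boot time: the Variable driver locates the FVB instance and snapshots it. */
static void VariableBootInit(uintptr_t getAttributes, uintptr_t read) {
  LiveFvb.GetAttributes = getAttributes;
  LiveFvb.Read = read;
  PhysFvb = ShadowFvb = LiveFvb;
  RuntimeChecked = false;
}

/* Variable driver's SetVirtualAddressMap handler: touches only the shadow, so ordering is irrelevant. */
static void VariableVirtualNotify(void) {
  ShadowFvb.GetAttributes = ConvertPointer(ShadowFvb.GetAttributes);
  ShadowFvb.Read = ConvertPointer(ShadowFvb.Read);
}

/* FVB producer's own handler; a legacy producer registers none. */
static void ProducerVirtualNotify(void) {
  LiveFvb.GetAttributes = ConvertPointer(LiveFvb.GetAttributes);
  LiveFvb.Read = ConvertPointer(LiveFvb.Read);
}

/* First runtime access: swap in the shadow only if the producer left the live pointers physical. */
static const FvbProtocol *VariableRuntimeFvb(void) {
  if (!RuntimeChecked) {
    if (LiveFvb.GetAttributes == PhysFvb.GetAttributes) LiveFvb = ShadowFvb;
    RuntimeChecked = true;
  }
  return &LiveFvb;
}

/* Simulate one boot; returns the Read address the Variable driver would call. */
static uintptr_t SimulateBoot(bool producerConverts, bool producerFirst) {
  VariableBootInit(0x1000, 0x2000);  /* constructed physical addresses */
  if (producerConverts && producerFirst) ProducerVirtualNotify();
  VariableVirtualNotify();
  if (producerConverts && !producerFirst) ProducerVirtualNotify();
  return VariableRuntimeFvb()->Read;
}
```

Unconditionally converting LiveFvb in VariableVirtualNotify, as the pre-fix driver did, would yield 0x2000 + 2 * VA_OFFSET whenever the producer also converts, which is the crash the commit message describes.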