UPSTREAM: netfilter: nft_set_pipapo: release elements in clone only from destroy path

[ Upstream commit b0e256f3 ]

Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

 212ed75d ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

 9827a0e6 ("netfilter: nft_set_pipapo: release elements in clone from abort path").

Bug: 330876672
Fixes: 9827a0e6 ("netfilter: nft_set_pipapo: release elements in clone from abort path")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ff900507)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I8c0811e69f82681c7fcfdca1111f1702e27bb80e