ptlrpc: fix sepol error handling in ptlrpc_connect_import_locked

Two bugs in the SELinux policy handling path of ptlrpc_connect_import_locked() that together cause a kobject leak and -EEXIST on repeated mount attempts when send_sepol is enabled and l_getsepol fails (e.g. RHEL 10.1).

Bug 1 - Incorrect Error Code Handling (sec.c / sepol_helper):
l_getsepol returns a positive errno on RHEL 10.1 (e.g. 25/ENOTTY). sptlrpc_sepol_get() passes  this to ERR_PTR(), which only recognizes negative values, so the error goes undetected and the caller dereferences a garbage pointer causing a NULL dereference and kernel panic.
                                                                                                
Fix: Negate the return value in sepol_helper so l_getsepol always returns a negative errno on error. Patch: https://review.whamcloud.com/c/fs/lustre-release/+/65026
                                                                                                
Bug 2 - Reference Count Leak (import.c):                                                      
After Bug 1 is fixed and the error path executes, ptlrpc_request_free(request) fails to
  release the import reference acquired by ptlrpc_request_alloc(). This causes imp_reqs to never reach zero, leading to hung or slow unmount after accumulated failures.
                                                                                                
Fix: Replace ptlrpc_request_free() with ptlrpc_req_put() on the error path. Patch: https://review.whamcloud.com/c/fs/lustre-release/+/65026

Reproducer: Mount a Lustre client with send_sepol=-1 on RHEL 10.1.
First mount fails; without the fix, second mount returns -EEXIST.