If we can't allocate the new path when loopoing over the target range,
then we have to free the scan_info->cpi CCB, not the work_ccb. This was
accidentally correct for the first iteration (because work_ccb ==
scan_info->cpi), but incorrect after that since we'll be freeing the CCB
for XPT_SCAN_LUN for the prior LUN we kicked off. Reorder the free so we
free it before we free scan_info so the pointer is still valid.
I do not have a test case for this since it requires that we fail in the
second or later iteration of the loop due to low memory, and only
fuzzing would catch that.
Sponsored by: Netflix