I've reproduced this on Azure with an updated image, Ubuntu Jammy / 22.04 with cloud-init 23.1.1-0ubuntu0~22.04.1

This should be a much easier example to follow along -- the cloud-init log TARs are included for the two VMs involved.
Summary of steps done in the Azure Portal:
- First VM created from Jammy image at 2023-04-10 18:19
- Simulated a shim-signed package upgrade -- grub-efi debconf gets set.
- Captured this VM as an image
- Second VM created from custom image at 2023-04-10 18:34
- Simulated shim-signed upgrade -- breaks on grub-efi disk mismatch.

Notes about the TAR archives:
* The logs from the second VM contain the logs from the first VM that were packaged in the image.
* Some Azure metadata present in cloud-init data (e.g. Azure subscription) are redacted.
* Logs may contain additional dpkg/apt activity from me poking around.



###
### Accompanying notes and logs:
###

### The first VM was created from image "Ubuntu Server 22.04 LTS - Gen1" (publisher/offer/sku: canonical / 0001-com-ubuntu-server-jammy / 22_04-lts) with default settings ("Premium SSD" OS disk) except for restricted networking.
### (2023-04-10 18:19, adrien-test-cloud-init-imaging)

```
root@adrien-test-cloud-init-imaging:/home/azureuser# ls -la /dev/disk/by-id/ | grep part15; debconf-show grub-pc | egrep "grub-efi/install_devices:|grub-pc/install_devices:"; grep "Setting grub debconf-set-selections" /var/log/cloud-init.log
lrwxrwxrwx 1 root root  11 Apr 10 18:19 scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f-part15 -> ../../sdb15
lrwxrwxrwx 1 root root  11 Apr 10 18:19 scsi-360022480e0488e713b6c9c7255dd721f-part15 -> ../../sdb15
lrwxrwxrwx 1 root root  11 Apr 10 18:19 wwn-0x60022480e0488e713b6c9c7255dd721f-part15 -> ../../sdb15
* grub-pc/install_devices: /dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f
  grub-efi/install_devices:
2023-04-10 18:20:03,717 - cc_grub_dpkg.py[DEBUG]: Setting grub debconf-set-selections with '/dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f','false'
```
Nominal: grub-efi debconf not present yet, grub-pc from cloud-init.

### Simulated our Packer installing a shim-signed upgrade (headless `apt upgrade`), which sets the `grub-efi` debconf
```
root@adrien-test-cloud-init-imaging:/home/azureuser# DEBIAN_FRONTEND=noninteractive dpkg-reconfigure shim-signed
Trying to migrate /boot/efi into esp config
Installing grub to /boot/efi.
Installing for x86_64-efi platform.
grub-install: warning: EFI variables cannot be set on this system.
grub-install: warning: You will have to complete the GRUB setup manually.
Installation finished. No error reported.

root@adrien-test-cloud-init-imaging:/home/azureuser# debconf-show grub-pc | egrep "grub-efi/install_devices:|grub-pc/install_devices:"
* grub-pc/install_devices: /dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f
* grub-efi/install_devices: /dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f-part15
```

### Captured the VM image as adrien-test-cloud-init-imaging-image-20230410112812, created second VM from it
### (2023-04-10 18:34, adrien-test-cloud-init-from-custom-image)

```
root@adrien-test-cloud-init-from-custom-image:/home/azureuser# ls -la /dev/disk/by-id/ | grep part15; debconf-show grub-pc | egrep "grub-efi/install_devices:|grub-pc/install_devices:"; grep "Setting grub debconf-set-selections" /var/log/cloud-init.log
lrwxrwxrwx 1 root root  11 Apr 10 18:34 scsi-14d53465420202020a6911a0eca07bb42a5ed90f05ba17f86-part15 -> ../../sdb15
lrwxrwxrwx 1 root root  11 Apr 10 18:34 scsi-360022480a6911a0eca0790f05ba17f86-part15 -> ../../sdb15
lrwxrwxrwx 1 root root  11 Apr 10 18:34 wwn-0x60022480a6911a0eca0790f05ba17f86-part15 -> ../../sdb15
* grub-efi/install_devices: /dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f-part15
* grub-pc/install_devices: /dev/disk/by-id/scsi-14d53465420202020a6911a0eca07bb42a5ed90f05ba17f86
2023-04-10 18:20:03,717 - cc_grub_dpkg.py[DEBUG]: Setting grub debconf-set-selections with '/dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f','false'
2023-04-10 18:35:01,155 - cc_grub_dpkg.py[DEBUG]: Setting grub debconf-set-selections with '/dev/disk/by-id/scsi-14d53465420202020a6911a0eca07bb42a5ed90f05ba17f86','false'
```
We can see the OS disk has a different serial. `grub-pc` debconf was updated by cloud-init, grub-efi is unchanged from the initial VM image.

### An headless grub EFI upgrade blows up:
```
root@adrien-test-cloud-init-from-custom-image:/home/azureuser# DEBIAN_FRONTEND=noninteractive dpkg-reconfigure shim-signed
mount: /var/lib/grub/esp: special device /dev/disk/by-id/scsi-14d53465420202020e0488e713b6c5e4286129c7255dd721f-part15 does not exist.
```
apt/dpkg is broken at this point due to the misconfigured package, until manual resolution.