It's harmless - actually, the norm, in all but rare special cases: Almost all clients will send EHLO once to coax the server into revealing that yes, of course, it will accept the STARTTLS workaround to upgrade the existing connection to a secure channel. And then they will have to send EHLO again because the server is not allowed to reuse anything received from the preceding insecure channel:
Upon completion of the TLS handshake, the SMTP protocol is reset to
the initial state (the state in SMTP after a server issues a 220
service ready greeting).
(Well, at least it's supposed to. There were a few very unfortunate bugs around this, allowing malicious third parties to insert commands into a believed-to-be secure session.)
It is even possible that a misconfigured client sends EHLO more often than twice, not necessarily hampering actual deliveries. I have seen that happen with broken intercepting (MitM) firewalls.
You can make the fact that the two messages refer to mostly-separate SMTP protocol sessions more visible in your log by increasing your smtpd_tls_loglevel from its zero default. I strongly recommend not exceeding smtpd_tls_loglevel=2; higher values produce excessive logs and reveal connection details best not persisted.
You could make the fact that postfix silently disregarded some keywords more silent by adding the special silent-discard to your smtpd_discard_*_keywords parameter. I strongly recommend not doing that; instead, add a comment and/or log parser configuration to help future admins (or other readers of that log message) understand your justification for configuring your server with such non-standard behaviour.
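
One way to build the log-parser help mentioned above, added here as an example and not part of the original answer: it counts "discarding EHLO keywords" lines per connection before and after the TLS handshake and flags clients that repeat EHLO within one phase. The sample lines are constructed, and the message wording is assumed to match Postfix smtpd output with smtpd_tls_loglevel=1.

```python
import re

# Constructed sample; wording is an assumption, adjust the patterns to your logs.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[4711]: connect from mail.example.org[192.0.2.10]
Jan 10 10:00:01 mx postfix/smtpd[4712]: connect from legacy.example.net[198.51.100.7]
Jan 10 10:00:01 mx postfix/smtpd[4711]: discarding EHLO keywords: CHUNKING
Jan 10 10:00:02 mx postfix/smtpd[4712]: discarding EHLO keywords: CHUNKING
Jan 10 10:00:02 mx postfix/smtpd[4711]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 10:00:03 mx postfix/smtpd[4712]: disconnect from legacy.example.net[198.51.100.7]
Jan 10 10:00:03 mx postfix/smtpd[4711]: discarding EHLO keywords: CHUNKING
Jan 10 10:00:04 mx postfix/smtpd[4711]: disconnect from mail.example.org[192.0.2.10]
Jan 10 10:05:00 mx postfix/smtpd[4713]: connect from gw.example.com[203.0.113.5]
Jan 10 10:05:00 mx postfix/smtpd[4713]: discarding EHLO keywords: CHUNKING
Jan 10 10:05:01 mx postfix/smtpd[4713]: discarding EHLO keywords: CHUNKING
Jan 10 10:05:02 mx postfix/smtpd[4713]: Anonymous TLS connection established from gw.example.com[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:05:02 mx postfix/smtpd[4713]: discarding EHLO keywords: CHUNKING
Jan 10 10:05:03 mx postfix/smtpd[4713]: disconnect from gw.example.com[203.0.113.5]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def ehlo_phases(log_text):
    """Return one record per connection with EHLO counts before/after TLS."""
    # An smtpd process serves one connection at a time, so the PID identifies
    # the session between its "connect from" and "disconnect from" lines.
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            open_sessions[pid] = {"client": msg[len("connect from "):],
                                  "plain": 0, "tls": 0, "in_tls": False}
        elif pid not in open_sessions:
            continue  # session started before the log excerpt
        elif "TLS connection established from" in msg:
            open_sessions[pid]["in_tls"] = True  # SMTP state resets here
        elif msg.startswith("discarding EHLO keywords:"):
            s = open_sessions[pid]
            s["tls" if s["in_tls"] else "plain"] += 1
        elif msg.startswith("disconnect from "):
            s = open_sessions.pop(pid)
            del s["in_tls"]
            # One EHLO per phase is the norm; more suggests a broken client.
            s["expected"] = s["plain"] <= 1 and s["tls"] <= 1
            finished.append(s)
    return finished

if __name__ == "__main__":
    for record in ehlo_phases(SAMPLE_LOG):
        print(record)
```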