KEYS: Allow unrestricted boot-time addition of keys to secondary keyring
author David Howells <dhowells@redhat.com>
Fri, 5 May 2017 07:21:56 +0000 (08:21 +0100)
committer Ben Hutchings <ben@decadent.org.uk>
Wed, 15 May 2019 22:07:16 +0000 (23:07 +0100)
commit 01b0fc2d4a537c72e2123bae2a81dbbc6420c963
tree 38032384c33d5988f424a82a1166cad60e4a2812
parent 153feab094f6266d408fd0a7656367283db87d75
KEYS: Allow unrestricted boot-time addition of keys to secondary keyring

Allow keys to be added to the system secondary certificates keyring during
kernel initialisation in an unrestricted fashion.  Such keys are implicitly
trusted and don't have their trust chains checked on link.

This allows keys in the UEFI database to be added in secure boot mode for
the purposes of module signing.

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0001-KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch
certs/internal.h [new file with mode: 0644]
certs/system_keyring.c