kdevo/arch-secure-boot

Use small EFI binary instead of nsh scripts

kdevo opened this issue · 0 comments

kdevo commented

Motivation: nsh scripts can't be signed for secure boot, hence they are not tamper-proof.
In order to further minimize the attack surface of running unwanted code, this issue proposes to build a small EFI program that does the simple work of recovery.nsh and nothing more (snapshots.txt file approach can be left as is).

In this small EFI binary, the kernel command line could be "baked in" in order to only make the snapshot selection available to the user via stdin.
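To make the "baked in command line, selection only via stdin" idea concrete, here is an added example written for this issue (not code from arch-secure-boot, recovery.nsh, or kdevo). It assumes snapshots.txt holds one snapshot name per line and that the recovery boot only needs a `rootflags=subvol=` path to vary; the base command line, the `/snapshots/<name>/snapshot` layout and the size limits are placeholders. The EFI-specific parts (reading the file from the ESP, the firmware console, loading and starting the kernel image) are left out so the logic compiles as plain C; what it shows is that the only user-controlled input is an index into a validated list, so nothing the user types can add parameters to the kernel command line.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical baked-in values; the real program would choose its own. */
#define BASE_CMDLINE "root=LABEL=arch rw rootflags=subvol="
#define SNAPSHOT_PREFIX "/snapshots/"
#define SNAPSHOT_SUFFIX "/snapshot"
#define MAX_SNAPSHOTS 64
#define MAX_NAME 32
#define MAX_CMDLINE 256

/* A snapshot name may only contain [A-Za-z0-9_-]. Anything else (space, '=',
   '/', '.') could splice extra parameters or path components into the
   command line, which is what baking the command line in is meant to rule out. */
static int valid_name(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_' && *s != '-') return 0;
    return 1;
}

/* Parse snapshots.txt-style content (one name per line, "\n" or "\r\n").
   Returns the number of snapshots, or -1 if any line is invalid (fail closed). */
int parse_snapshots(const char *text, char names[][MAX_NAME], int max)
{
    int count = 0;
    while (*text) {
        size_t len = strcspn(text, "\r\n");
        if (len > 0) {
            if (count >= max || len >= MAX_NAME) return -1;
            memcpy(names[count], text, len);
            names[count][len] = '\0';
            if (!valid_name(names[count])) return -1;
            count++;
        }
        text += len;
        while (*text == '\r' || *text == '\n') text++;
    }
    return count;
}

/* Compose the command line for snapshot number idx (0-based). Returns the
   length written, or -1 if idx is out of range or the result does not fit. */
int build_cmdline(char names[][MAX_NAME], int count, int idx,
                  char *out, size_t outsz)
{
    if (idx < 0 || idx >= count) return -1;
    int n = snprintf(out, outsz, "%s%s%s%s", BASE_CMDLINE, SNAPSHOT_PREFIX,
                     names[idx], SNAPSHOT_SUFFIX);
    if (n < 0 || (size_t)n >= outsz) return -1;
    return n;
}

/* Parse text and build the command line for idx into a static buffer;
   returns NULL on any failure (bad file, bad index, overflow). */
const char *select_snapshot(const char *text, int idx)
{
    static char names[MAX_SNAPSHOTS][MAX_NAME];
    static char cmdline[MAX_CMDLINE];
    int count = parse_snapshots(text, names, MAX_SNAPSHOTS);
    if (count < 0) return NULL;
    if (build_cmdline(names, count, idx, cmdline, sizeof cmdline) < 0) return NULL;
    return cmdline;
}

/* Stand-alone demo with constructed snapshots.txt content and a selection
   read from stdin. In the EFI binary the prompt would use the firmware
   console and the result would go to the kernel loader instead of stdout. */
int main(void)
{
    static const char snapshots_txt[] = "120\n121\n122\n"; /* constructed */
    char names[MAX_SNAPSHOTS][MAX_NAME];
    int count = parse_snapshots(snapshots_txt, names, MAX_SNAPSHOTS);
    if (count < 0) { fputs("snapshots.txt rejected\n", stderr); return 1; }
    for (int i = 0; i < count; i++) printf("[%d] %s\n", i, names[i]);
    printf("select snapshot: ");
    int idx;
    const char *cmdline;
    if (scanf("%d", &idx) != 1 || !(cmdline = select_snapshot(snapshots_txt, idx))) {
        fputs("invalid selection\n", stderr);
        return 1;
    }
    printf("kernel command line: %s\n", cmdline);
    return 0;
}
```

Because the list is parsed fail-closed, a snapshots.txt line such as `121 init=/bin/sh` is rejected outright rather than partially trusted; that keeps the unsigned snapshots.txt as a source of names only, never of kernel parameters.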