Enable SecureBoot

[JohnAZoidberg]

Shouldn't be very difficult, since it's not architecture specific.

Once enabled, we'd also want to add a test for it to the Github Actions CI.

We should probably do two tests. One to check that it succeeds and another one to check that an invalid image fails to boot.

TODO:

• Check what DXE's to add
• Build with -DSECURE_BOOT_ENABLE
• Check what to put in VARS FD
• Create keys
• Sign kernel and initrd
• Enroll keys

Resources:

• https://github.com/rhuefi/qemu-ovmf-secureboot
• https://github.com/puzzleos/uefi-dev
• https://www.youtube.com/watch?v=qtyRR-KbXYQ