Add UEFI Secure Boot with unsigned kernel case (New)

[baconYao]

Description

Currently, for secure boot coverage, Checkbox only has miscellanea/secure_boot_mode to check secure boot is enabled from System level.

However, based on the responsibility of publishing image, Canonical is responsible for the signed shim, grub and kernel. Therefore, I add a manual case to replace signed kernel with unsigned kernel to prove the function of UEFI Secure Boot is working as expected.

This is raised from Boashan Project but the testing method is generic. So Canonical QA can follow the step to verify UEFI Secure Boot feature if a project supports UEFI firmware on Classic image.

Resolved issues

• https://warthogs.atlassian.net/browse/OEMQA-4820

Documentation

• Baoshan - Secure Boot Enablement Guide
• https://forums.debian.net/viewtopic.php?p=789903&sid=8de6b14ace62a6f1fbe9103aa35c0346#p789903
• https://sources.debian.org/src/grub2/2.06-13+deb12u1/grub-core/kern/efi/sb.c/#L182
• https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+packages?field.name_filter=&field.status_filter=published&field.series_filter=jammy

Tests

[baconYao]

@hanhsuan @stanley31huang I revert the commit to fix the issue of 80 length limitation. We should file another PR to fix it.