8bac3f53 mokutil: check the kernel trusted keyring by default

[hramrach]

Why is this?

The key is enrolled with shim, not kernel.

The key built into kernel has nothing to do with keys recognized by shim.

Not enrolling the kernel key makes kernel unbootable for typical distribution kernels that are signed with a key that's also built into the kernel.

[hramrach]

@joeyli

[lnussel]

This is related to https://bugzilla.suse.com/show_bug.cgi?id=1173115