linux-automation / meta-lxatac

Build your own LXA TAC images and bundles
MIT License

Use a keyring directory for RAUC and add a devel certificate #37

Closed hnez closed 1 year ago

hnez commented 1 year ago

Adding a devel certificate that is deployed (but not enabled) on all LXA TAC images makes it easier for newcomers to build and install their first custom bundle.

The install-time detection of which certificates to trust is required for our planned release channels for official bundles:

First, the bundles are built and signed with the rauc-devel.key.pem key and tested on hardware. If the tests are passed, the existing bundle will be automatically re-signed with the nightly release key. If a new stable release is to be released, an existing nightly bundle that has been manually tested is manually re-signed with the stable release key.

All of these bundles are deployed with the same /etc/rauc/certificates-* but a stable bundle should only be able to install other stable bundles, so we need to detect the release channel the bundle belongs to at install-time.
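
The channel separation described in the comment above, modelled with plain openssl rather than RAUC (an added example, not part of this PR or the project's code): every certificate is deployed, only the stable one is enabled in the keyring directory, and a devel-signed payload is then rejected while the stable-signed one verifies. The throwaway self-signed certificates, the `available`/`enabled` directory names and `payload.bin` are assumptions, and only the devel and stable channels are shown.

```shell
#!/bin/sh
# Added example: throwaway self-signed certificates stand in for the devel and
# stable channel certificates; directory and file names are assumptions.
set -eu

# Succeeds only if the detached CMS signature $1 over payload.bin chains to a
# certificate found in the keyring directory $2 (no other trust anchors).
verify_sig() {
    openssl cms -verify -binary -inform DER -in "$1" -content payload.bin \
        -CApath "$2" -no-CAfile -out /dev/null 2>/dev/null
}

# Signs payload.bin with channel $1's key, as a re-sign for that channel would.
sign_as() {
    openssl cms -sign -binary -in payload.bin -outform DER -out "$1.sig" \
        -signer "available/$1.cert.pem" -inkey "$1.key.pem" 2>/dev/null
}

demo_channels() (
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    cd "$work"
    mkdir available enabled
    for ch in devel stable; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$ch" \
            -keyout "$ch.key.pem" -out "available/$ch.cert.pem" 2>/dev/null
    done
    printf 'constructed bundle payload\n' > payload.bin

    # Every certificate is deployed, but a stable system enables only stable.
    cp available/stable.cert.pem enabled/
    openssl rehash enabled >/dev/null 2>&1

    sign_as devel
    sign_as stable
    result=""
    for ch in devel stable; do
        if verify_sig "$ch.sig" enabled; then
            result="$result$ch=accepted "
        else
            result="$result$ch=rejected "
        fi
    done
    printf '%s\n' "${result% }"
)

demo_channels
```

The payload is identical for both signatures; only the signer changes, which is why the same tested content can move between channels by re-signing alone.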

hnez commented 1 year ago

We are about to generate certificates for our release channels. I think we should include those in this PR before merging it.

hnez commented 1 year ago

The PR now contains the newly generated certificates and should be ready for merging.