[saucy SRU] LP#1259570 -- make kexec disablable

[Andy Whitcroft]

The kexec system is a potential source of security attacks, it makes
sense in tighter security setups to allow onetime initialisation of the
kexec image.  This patch adds a sysctl which locks the current settings
preventing later modification.  This allows us to load a crash kernel
and then prevent it being replaced later.

This is a clean cherry-pick from mainline and is applied to Trusty already.
The security team have requested this be made available in saucy.

Proposing for SRU to saucy.

-apw