[SRU B/F/G V2] LP: #1898716 -- add direct support for the livepatching

Andy Whitcroft apw at canonical.com
Thu Feb 18 16:17:46 UTC 2021


The current user-experience for Livepatch users is poor.  The livepatch
modules we produce are signed separately from the kernel modules.
This means that to enable livepatching of the kernel we have to enroll
a certificate for the livepatch service; the enrollment of this key
necessitates a reboot to EFI to acknowledge the key.

This patch set adds packaging infrastructure to support the addition
of module signing certificates.  It then adds the Canonical Livepatch
Signing key and the Canonical Kernel Module Signing key.  This both
allows us to directly import appropriate livepatch modules, and externally
signed driver modules.  As part of this we enable CONFIG_MODVERSIONS as
recommended by the kernel documentation.

Following this email are three patch sets each consisting of 4 patches.
There are individual patches 1/2 for each series; patches 3 and 4 are
common to each series.

Proposing for bionic:linux, focal:linux, and groovy:linux.

-apw

V2: fix debian.master specific path names.


