Set up CentOS Project Special Interest Group Secure Boot certificates

Description

In order for CentOS SIGs like Hyperscale and Kmods to have access to secure boot signing for kernel software packages, signing infrastructure needs to be set up for this.

Specifically, this requires:

• A secure boot certificate key pair for CentOS SIGs that CBS can use
• CBS to have builders with a secure-boot channel where the pesign socket is made available for specific packages/tags for specific users
• A copy of the public certificate that can be embedded in shim so that it is automatically trusted by GRUB and the kernel.