redhat/configs: allow IMA to use MOK keys
Users can add IMA CA keys to the MOK list which will be added to the .machine keyring. The .machine keyring is linked to the .secondary_trusted_keys keyring. Allow IMA to access the .secondary_trusted_keys keyring so users' custom IMA CA keys can be used to vouch for the keys to be added to the .ima keyring.
CONFIG_INTEGRITY_CA_MACHINE_KEYRING_CA and CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX are enabled to a) meet the requirement FIA_X509_EXT.1 X.509 as specified in OSPP 4.3 [1] and b) let the custom kernel module signing key stay in the .platform keyring.
[1] https://www.niap-ccevs.org/MMO/PP/OS%204.3%20PP/
Signed-off-by: Coiby Xu <coxu@redhat.com>