Add a procedure for signing a kernel module with a custom key
(Originally from https://bugzilla.redhat.com/show_bug.cgi?id=1615744#c3)
Great docs! The only missing thing I see is how you re-sign a module with a custom key. For example, I am using my own Secure Boot PK, KEK, DB and DBX, and I have a custom signed kernel. How do I pull already signed modules from the fedora repos and re-sign with my custom key so they can work on Secure Boot. The docs in https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html does not say anything about it, and assumes you are compiling the module. Do you need to remove the previous signature, or can you append the new signature?