garuda-health: Support secure boot

Once the kernel is signed by sbctl, garuda-health reports it to be invalid. And if fixed using garuda-health --fix, sbctl verify no longer shows it as signed.

garuda-health should probably ignore the secure boot signature when validating the kernel or maybe even verify that it is correctly signed (using sbctl verify) as well.

And if garuda-health --fix regenerates the kernel it should probably automatically resign the kernel files as well.