
fips-mode-setup: gracefully handle OSTree-based systems

Jonathan Lebon requested to merge jlebon/fedora-crypto-policies:pr/ostree into master

The script wants to inspect the initramfs and rebuild it. This is technically possible to do in Fedora CoreOS and RHEL CoreOS, but really we handle FIPS mode much earlier there without having to rebuild the initrd. The rationale is that we don't use Anaconda, and so we need to do some special maneuvers during firstboot in the initrd before any crypto-related code runs.

However, we do still want fips-mode-setup for handling update-crypto-policies. We also want fips-mode-setup --check to work correctly.

Signed-off-by: Jonathan Lebon jonathan@jlebon.com
