add --efivars-profile parameter, to directly provide the efivars instead of using a JSON file

This adds a --efivars-profile parameter to allow directly using ESL files (in efivarfs format, which simply adds a 4 byte attr header, or directly in ESL format when also using the --efivars-profile-no-attrs parameter). This allows avoiding the unnecessary conversion to a JSON file, which this script then must convert back to ESL.

In addition to simplifying the input, because the script's JSON->ESL conversion code makes assumptions about each ESL entry's GUID, this allows using non-Azure ESL, so that the resulting CVM image can be tested outside Azure, e.g. using qemu/OVMF.

For qemu testing of CVM images generated by this script, since qemu uses OVMF's default VARS files, all qemu guests (with the same configuration/params for OVMF firmware use) should get the same initial secure boot EFI vars (PK, KEK, db, dbx) as long as secure boot is enabled. So, to get the efivarfs files to provide to this script, a secure-boot-enabled qemu instance can be created and started, and once booted up just capture the files, e.g.:

$ tar -C /sys/firmware/efi -cvf efivars.tar efivars/

Then on the system with this script, extract the tarball and provide the resulting efivars/ dir to the script --efivars-profile parameter.

Note that some of the efivarfs files don't support lseek and so the cp command can't be used to gather the files, something like tar or dd that doesn't use lseek must be used.

Also note that some distros (e.g. Ubuntu) include some package(s) by default (probably fwupd) that may extend/alter the db and/or dbx, and the files obviously need to be captured before that, so their content will match the first-boot values.

There may be some way to parse the OVMF VARS files directly on the host to extract the desired efi variables, but I didn't see any easy way to do so.