When booting without Secure Boot active, it is not necessary to defend
against a malicious command line being passed from the loader. So just
use it in this case, to facilitaty some debugging and recovery use
cases.
Fixes: https://github.com/nix-community/lanzaboote/issues/226
goblin 0.7.1 introduces certification support for PE files. This seems to be broken, because we get:
Parsing PE failed Malformed entity: Unable to extract certificate. Probably cert_size:1599360838 is malformed!
from goblin when trying to parse our PE file in memory.
See #237 for context.