When booting without Secure Boot active, it is not necessary to defend
against a malicious command line being passed from the loader. So just
use it in this case, to facilitaty some debugging and recovery use
cases.
Fixes: https://github.com/nix-community/lanzaboote/issues/226