Update config files.
    
    Enable module signing (bnc#1082905):
    * CONFIG_MODULE_SIG=y
    * # CONFIG_MODULE_SIG_FORCE is not set
    * # CONFIG_MODULE_SIG_ALL is not set
    * # CONFIG_MODULE_SIG_SHA1 is not set
    * # CONFIG_MODULE_SIG_SHA224 is not set
    * CONFIG_MODULE_SIG_SHA256=y
    * # CONFIG_MODULE_SIG_SHA384 is not set
    * # CONFIG_MODULE_SIG_SHA512 is not set
    * CONFIG_MODULE_SIG_HASH="sha256"
    * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
    * CONFIG_SECONDARY_TRUSTED_KEYRING=y
    * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
    * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
    
    This commit synchronizes these options with SLE15.
    
    We do not add patches for loading keys from the shim layer (as in
    SLE15) for the time being. They were rejected multiple times in
    upstream and we do not want to forward-port them infinitely. This only
    means that loading KMPs with none/invalid signatures generates this:
    <module_name>: loading out-of-tree module taints kernel.
    <module_name>: module verification failed: signature and/or required key missing - tainting kernel
    
    But the modules load fine after that as we have MODULE_SIG_FORCE set
    to 'n'.
    
    Tested in qemu+OVMF and bare metal and everything looks fine.