Unstable backup and restore

This merge request addresses reliability and safety of applying grub-pc upgrades.

When performed non-interactively, postinst instead of showing critical prompts may simply exit successfully indicating successful package configure even though MBR update may have failed, and modules in /boot/grub might no longer match the MBR core image leading to failure to boot.

Separately, I have submitted a patch upstream to make grub-install more resilient. Instead of irrevocably removing grub modules prior to updating MBR, I now made it create a backup and register on_exit handle. If everything is successful the on_exit handle removes the backup. If critical errors have occurred the backup is restored. This prevents mismatch of grub modules and MBR in case of attempts to call grub-install on non-existing devices, or calling on a device that refuses writes to MBR (as I have seen in one particular public cloud, it felt as if the underlying disk storage was refusing writes to mbr).

I have tested above using apparmor profile that prohibited writes to /dev/*. And ensured that backups/rollback/cleanup all operate correctly using Debian cloud image as a base VM image.