
Sign modules using an ephemeral key; bump ABI for every upload

Backport @waldi's changes to use an ephemeral signing key:

  • Drop not needed extra step to add debug links
  • Sign modules using an ephemeral key
  • Not longer request Secure Boot signing for modules
  • Don't trust Secure Boot key any longer
  • Part of "Merge main image build and install into one target"
  • Store build time signing key encrypted

and some dependencies:

  • Remove rcX special case for abi name (also from @waldi)
  • certs: check-in the default x509 config file (from upstream)

Backport my changes to check the kernel config for Secure Boot:

  • d/b/buildcheck.py, d/rules.real: Run buildcheck.py in setup as well
  • d/b/buildcheck.py: Check config of kernel to be signed

Generate a unique ABI name for every upload, without changing the current format:

  • d/rules: Include target suite as an input to gencontrol.py
  • Generate kernel ABI name suffix automatically if not configured
  • d/c/defines: Delete ABI name suffix
  • d/salsa-ci.yml: Ignore pycodestyle error E241

This should do the same thing as !1600 (merged), but there are a lot of little differences.

Edited by Ben Hutchings
