debian: enable EFI secure boot feature as default

Whether BIOS enables EFI secure boot or not, this LAT
image could work:

On target:
1. While BIOS enables EFI secure boot
1.1 Insert certs to BIOS
- Enter BIOS, remove existing certs of EFI secure boot
- Boot from ISO or PXE, insert LAT debian certs for EFI secure
  boot and reboot, all done automatically
[log]

  Booting `Automatic Certificate Provision'
/EndEntire
file path: /ACPI(a0341d0,0)/PCI(1,1)/ATAPI(1,0,0)/File(\EFI\BOOT)
/File(LockDown.efi)/EndEntire
Platform is in Setup Mode
Created KEK Cert
Created db Cert
Created dbx Cert
Created PK Cert
Platform is in User Mode
Platform is set to boot securely
Prepare to execute system warm reset after 3 seconds ...
[log]

1.2 Enable EFI secure boot on BIOS
- Enter BIOS again, enable EFI secure boot, save configuration
and reboot
- Boot from ISO/PXE to do LAT debian installation

2. While BIOS disables EFI secure boot
- Enter BIOS, disable EFI secure boot, save configuration and reboot
- Boot from ISO/PXE to do LAT debian installation

PS: while editing grub configuration (press e) at booting time, grub
prompts to enter username and password (root, root)

Story: 2008846
Task: 44920

PASS: Build image with EFI secure boot feature enabled
PASS: BIOS enable secure boot to do LAT debian installation
PASS: BIOS disable secure boot to do LAT debian installation

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Change-Id: Iebbe7124bb8feb1f6d23ad9f973ba8e108955db7
Hongxu Jia 2022-04-02 14:25:30 +08:00
parent 718dbfb9ca
commit f01ba705b5

@ -32,7 +32,7 @@ gpg:
BOOT_EFITOOL: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/LockDown.efi
BOOT_GRUB_CFG: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/grub.cfg
BOOT_NOSIG_GRUB: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi
EFI_SECURE_BOOT: disable
EFI_SECURE_BOOT: enable
packages: []
external-packages: []
include-default-packages: '0'
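
Review bot: flipping `EFI_SECURE_BOOT` to `enable` changes the default for every build that uses this file, yet the line carries no comment on what it controls or how to opt out. A short comment listing the accepted values (`enable`/`disable`) would help, along with a pointer to where the certs that `LockDown.efi` enrolls come from and how to replace them for a production image. The commit message also mentions a fixed grub edit credential (root, root); if that ships with this default, it should be documented next to this setting as something to override.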