Upstream has made a keyring to the platform keys. The "KEYS: Allow
unrestricted boot-time addition of keys to secondary keyring" is
available upstream for the platform keyring.
The only issue is that module signatures aren't checked with the
platform keyring, so this introduces a patch to add that which has been
sent upstream. At least our carried-patch count hasn't gone up.
