Merge: redhat: use the same cert as UKI's to sign addons

MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7520

JIRA: https://issues.redhat.com/browse/RHEL-124089

Addons' cert should be the same as UKI's. Otherwise
it breaks full disk encryption of Azure CVM by changing
PCR7 where volume key is sealed.

Signed-off-by: Li Tian <litian@redhat.com>

Approved-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Approved-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Approved-by: Jan Stancek <jstancek@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: CKI GitLab Kmaint Pipeline Bot <26919896-cki-kmaint-pipeline-bot@users.noreply.gitlab.com>

Author: CKI KWF Bot

redhat/kernel.spec.template

@@ -2436,7 +2436,7 @@ BuildKernel() {
         mv $KernelUnifiedImage.signed $KernelUnifiedImage
 
       for addon in "$KernelAddonsDirOut"/*; do
-        %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+        %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_0} -c $UKI_secureboot_cert -n $UKI_secureboot_name
         rm -f $addon
         mv $addon.signed $addon
       done