Incorporate signed shim package into default images/iso (#881)

- iso-initrd: Use signed shim package

- core-packages: Use signed shim package

- core-efi-aarch64: Add new core-efi-aarch64 image

aarch64 images still need to use the shim-unsigned package. Add a new
core-efi-aarch64 image configuration and add a new
core-packages-image-aarch64 packagelist with the shim-unsigned package.

When a signed aarch64 shim is available, we can consider removing this
image configuration and package list.

- full-aarch64: Add new full-aarch64 iso config

Signed-off-by: Chris Co <chrco@microsoft.com>

toolkit/imageconfigs/core-efi-aarch64.json

@@ -0,0 +1,58 @@
+{
+    "Disks": [
+        {
+            "PartitionTableType": "gpt",
+            "MaxSize": 4096,
+            "Artifacts": [
+                {
+                    "Name": "core",
+                    "Type": "vhdx"
+                }
+            ],
+            "Partitions": [
+                {
+                    "ID": "boot",
+                    "Flags": [
+                        "esp",
+                        "boot"
+                    ],
+                    "Start": 1,
+                    "End": 9,
+                    "FsType": "fat32"
+                },
+                {
+                    "ID": "rootfs",
+                    "Start": 9,
+                    "End": 0,
+                    "FsType": "ext4"
+                }
+            ]
+        }
+    ],
+    "SystemConfigs": [
+        {
+            "Name": "Standard",
+            "BootType": "efi",
+            "PartitionSettings": [
+                {
+                    "ID": "boot",
+                    "MountPoint": "/boot/efi",
+                    "MountOptions" : "umask=0077"
+                },
+                {
+                    "ID": "rootfs",
+                    "MountPoint": "/"
+                }
+            ],
+            "PackageLists": [
+                "packagelists/hyperv-packages.json",
+                "packagelists/core-packages-image-aarch64.json",
+                "packagelists/cloud-init-packages.json"
+            ],
+            "KernelOptions": {
+                "default": "kernel"
+            },
+            "Hostname": "cbl-mariner"
+        }
+    ]
+}

toolkit/imageconfigs/full-aarch64.json

@@ -0,0 +1,26 @@
+{
+    "SystemConfigs": [
+        {
+            "Name": "CBL-Mariner Full",
+            "PackageLists": [
+                "packagelists/hyperv-packages.json",
+                "packagelists/developer-packages.json",
+                "packagelists/virtualization-host-packages.json",
+                "packagelists/core-packages-image-aarch64.json"
+            ],
+            "KernelOptions": {
+                "default": "kernel"
+            }
+        },
+        {
+            "Name": "CBL-Mariner Core",
+            "PackageLists": [
+                "packagelists/hyperv-packages.json",
+                "packagelists/core-packages-image-aarch64.json"
+            ],
+            "KernelOptions": {
+                "default": "kernel"
+            }
+        }
+    ]
+}

toolkit/imageconfigs/packagelists/core-packages-image-aarch64.json

@@ -0,0 +1,10 @@
+{
+    "packages": [
+        "shim-unsigned",
+        "grub2-efi-binary",
+        "ca-certificates",
+        "core-packages-base-image",
+        "initramfs"
+    ],
+    "_comment": "Install 'initramfs' last to avoid unnecessary regeneration when other packages, such as 'kernel', are installed."
+}

toolkit/imageconfigs/packagelists/core-packages-image.json

@@ -1,6 +1,6 @@
 {
     "packages": [
-        "shim-unsigned",
+        "shim",
         "grub2-efi-binary",
         "ca-certificates",
         "core-packages-base-image",

toolkit/resources/imageconfigs/packagelists/iso-initrd-packages.json

@@ -57,7 +57,7 @@
         "rpm",
         "sed",
         "shadow-utils",
-        "shim-unsigned",
+        "shim",
         "sqlite",
         "systemd",
         "tar",