Add GRUB2_PASSWORD support, source custom.cfg

user.cfg, despite his name, is usually used to store GRUB2_PASSWORD variable:
- grub2-set-password utility overwrite the whole file
- security scanners look at the content of user.cfg
  https://github.com/ComplianceAsCode/content/blob/47fd3bcded59116ade8ea09eb396f363e37813d4/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml

Copy the content of the legacy /etc/grub.d/01_users as 01_grub2_password.cfg,
and source custom.cfg instead of user.cfg for people in need of custom
configs. This gets us closer to classic grub2-mkconfig behaviour.

Author: champtar

Makefile

@@ -39,7 +39,7 @@ install:
 
 install-grub-static:
 	install -m 644 -D -t ${DESTDIR}$(PREFIX)/lib/bootupd/grub2-static src/grub2/*.cfg
-	install -m 755 -d ${DESTDIR}$(PREFIX)/lib/bootupd/grub2-static/configs.d
+	install -m 644 -D -t ${DESTDIR}$(PREFIX)/lib/bootupd/grub2-static/configs.d src/grub2/configs.d/*.cfg
 
 install-systemd-unit:
 	install -m 644 -D -t "${DESTDIR}$(PREFIX)/lib/systemd/system/" systemd/bootloader-update.service

src/grub2/configs.d/01_grub2_password.cfg

@@ -0,0 +1,10 @@
+# Keep the comment for grub2-set-password
+### BEGIN /etc/grub.d/01_users ###
+if [ -f ${prefix}/user.cfg ]; then
+  source ${prefix}/user.cfg
+  if [ -n "${GRUB2_PASSWORD}" ]; then
+    set superusers="root"
+    export superusers
+    password_pbkdf2 root ${GRUB2_PASSWORD}
+  fi
+fi

src/grub2/configs.d/41_custom.cfg

@@ -0,0 +1,5 @@
+# Import user defined configuration
+# tracker: https://github.com/coreos/fedora-coreos-tracker/issues/805
+if [ -f $prefix/custom.cfg ]; then
+  source $prefix/custom.cfg
+fi

src/grub2/grub-static-post.cfg

@@ -7,11 +7,5 @@ else
   set timeout=1
 fi
 
-# Import user defined configuration
-# tracker: https://github.com/coreos/fedora-coreos-tracker/issues/805
-if [ -f $prefix/user.cfg ]; then
-  source $prefix/user.cfg
-fi
-
 blscfg