security-extension: update grub build for secure boot

-when grub is used with secure boot all files that it loads
 must be signed with gpg

-secure boot requires using grub-mkstandalone instead of
 grub-mkimage.  grub-mkstandalone builds all modules into the grub
 image and they don't have to be individually signed and loaded.

-when grub-mkstandalone generates the grub image it includes a
 a file called grub-initial.cfg that is built into the image.
 grub-initial.cfg defines the $root variable, explicitly loads
 grub.cfg, and enables signature checking

-a side effect of grub-mkstandalone is that the grub_prefix.cfg
 is no longer needed since modules are not loaded from disk

-the following additional modules are used: pgp gcry_sha512 gcry_rsa

-grub.cfg is signed with gpg

Signed-off-by: Stuart Yoder <stuart.yoder@arm.com>