linux-source: Fix up module signing configuration in included kernel config files

Our signing certificate isn't included in the source tarball and would
be pointless to include in custom kernels.  Custom kernels also won't
have a separate signing stage.  So remove our settings for
CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
CONFIG_SYSTEM_TRUSTED_KEYS.  This should cause custom kernels based on
the included configs to follow the upstream default for signing, which
is to use a new key pair for each build.
Ben Hutchings 2016-04-24 23:37:43 +02:00
parent 56d41759a0
commit 35602a868b
2 changed files with 5 additions and 1 deletions

debian/changelog vendored

@ -119,6 +119,8 @@ linux (4.5.2-1) UNRELEASED; urgency=medium
SND_SOC_INTEL_SKL_RT286_MACH, SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH,
SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH as modules
* module: Invalidate signatures on force-loaded modules
* linux-source: Fix up module signing configuration in included kernel
config files
[ Aurelien Jarno ]
* [mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
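Review bot: the changelog entry added after "module: Invalidate signatures on force-loaded modules" says only that the signing configuration is fixed up, so a reader of the changelog cannot tell that the config files shipped in linux-source now differ from the configuration the binary packages were built with. Consider naming the dropped settings in the entry (CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and CONFIG_SYSTEM_TRUSTED_KEYS), as the commit message does.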

debian/rules.real vendored
View File

@ -471,8 +471,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).ta
dh_testroot
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
dh_install '$^' /usr/src
# Include our kernel config files, but with the module signing
# configuration fixed to work for custom kernels.
for triplet in $(ALL_TRIPLETS); do \
xz -c $(BUILD_DIR)/build_$$triplet/.config >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
done
# We don't want to recompress, but -Znone is not compatible with older
# tools and is currently rejected by dak. -Zgzip -z0 (uncompressed
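Review bot: in the for loop, the new `sed ... | xz -c >...config.$$triplet.xz` line loses sed's exit status, because the shell reports only the status of the last command in a pipeline. If `$(BUILD_DIR)/build_$$triplet/.config` is missing or unreadable, sed fails, xz compresses the empty input, and an empty config.$$triplet.xz is installed without the build stopping. Consider having sed write to a temporary file that is then compressed, with `set -e` at the start of the loop body, or testing that .config exists before the pipeline. The comment above the loop could also name the three options being deleted, since the nested regular expression is hard to read at a glance.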