redhat: use the same cert as UKI's to sign addons

JIRA: https://issues.redhat.com/browse/RHEL-124089

Upstream Status: RHEL only

Addons' cert should be the same as UKI's. Otherwise
it breaks full disk encryption of Azure CVM by changing
PCR7 where volume key is sealed.

Signed-off-by: Li Tian <litian@redhat.com>

Author: litian1992

redhat/kernel.spec.template

@@ -2437,7 +2437,7 @@ BuildKernel() {
         mv $KernelUnifiedImage.signed $KernelUnifiedImage
 
       for addon in "$KernelAddonsDirOut"/*; do
-        %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+        %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_0} -c $UKI_secureboot_cert -n $UKI_secureboot_name
         rm -f $addon
         mv $addon.signed $addon
       done