base-files: introduce sysupgrade signature chain verification

Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

package/base-files/files/sbin/sysupgrade

@@ -136,7 +136,7 @@ add_overlayfiles() {
 }
 
 # hooks
-sysupgrade_image_check="fwtool_check_image platform_check_image"
+sysupgrade_image_check="fwtool_check_signature fwtool_check_image platform_check_image"
 
 if [ $SAVE_OVERLAY = 1 ]; then
 	[ ! -d /overlay/upper/etc ] && {