[build] Filter out non-permitted drivers for UEFI Secure Boot

[build] Filter out non-permitted drivers for UEFI Secure Boot

The all-drivers targets (e.g. ipxe.efi) cannot currently be used in a
Secure Boot build since the permissibility check will (correctly) fail
due to the inclusion of non-permitted drivers.

In a Secure Boot build, filter the all-drivers list to include only
the subset of drivers that are marked as being permitted for UEFI
Secure Boot.

Note that this automatic filter is a convenience shortcut: it is not
the enforcement mechanism.  The filter exists only to provide a
meaningful definition for the otherwise unusable all-drivers targets
in Secure Boot builds.  The enforcement mechanism remains the
permissiblity check introduced in commit 1d5b1d9 ("[build] Fail Secure
Boot builds unless all files are permitted").

Signed-off-by: Michael Brown <mcb30@ipxe.org>