veritysetup: don't measure root hash signature after unsigned fallback

veritysetup: don't measure root hash signature after unsigned fallback

verb_attach() falls back to unsigned activation (crypt_activate_by_volume_key)
when signed activation fails, but still passed the signature to
pcrextend_verity_now(). The signer is parsed out of the (unverified)
signature and folded into the dm_verity NvPCR measurement, making an
unsigned fallback indistinguishable from a genuinely signed activation to
an attester. Only measure the signature when signed activation succeeded.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>