FIPS kernels should default to fips mode

Bug #2049082 reported by Dimitri John Ledkov
Affects: linux (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned

Bug Description

[ Impact ]

 * Ubuntu builds regular kernels without FIPS configuration enabled at compile time
 * Canonical also builds FIPS kernels with FIPS configuration enabled at compile time, intended to only be used in FIPS mode
 * Currently, due to upstream patches, this requires additional runtime configuration of the bootloader to always specify `fips=1` to turn on FIPS mode at runtime, as it is off by default
 * This adds additional complexity when performing autopkgtests, creating Ubuntu Core images, switching to/from Pro FIPS, and drafting and verifying security policy
 * Instead all of this can be avoided, if fips=1 is the implicit default for the FIPS kernels.
 * This has no effect on regular kernels

[ Test Plan ]

 * generic kernel build should have no effect / no changes, as dead code is patched. I.e. /proc/sys/crypto/fips_enabled not present

 * fips kernel build should have the following content in the /proc/sys/crypto/fips_enabled file:
   + without any fips= setting fips_enabled should be set to 1 (new behaviour)
   + with fips=1 setting fips_enabled should be set to 1 (double check existing behaviour)
   + with fips=0 setting fips_enabled should be set to 0 (double check existing behaviour)

 * pro client can continue to set fips=1, just in case, as older certified fips kernels still require this setting.

[ Where problems could occur ]

 * Some 3rd party tools do not consult /proc/sys/crypto/fips_enabled and rely on access to the kernel cmdline "fips=1", they are wrong, but also there is no current intention to break any such users, as pro client will continue to set fips=1 for now.

[ Other Info ]

 * Intention is to land this for noble; for the future noble fips kernels. FIPS Updates kernels, if at all possible.
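The following is an added example, not code from the bug report, Canonical, or the Ubuntu kernel team. It scripts the three checks in the test plan and the "[ Where problems could occur ]" point: the authoritative FIPS-mode signal is /proc/sys/crypto/fips_enabled, while the cmdline `fips=` token is only what the bootloader asked for, and the two can disagree (a FIPS kernel booted with the new default and no `fips=` reports 1; an older certified FIPS kernel booted without `fips=1` reports 0). The file path and the cmdline string are parameters so the logic can be run against constructed inputs; the function names, the `--live` flag and the result strings are this example's own conventions.

```shell
#!/bin/sh
# Assumption: a FIPS build of the kernel exposes /proc/sys/crypto/fips_enabled,
# a generic build does not (the file is absent). This follows the test plan above.

# Parse the kernel command line for fips=. The last occurrence wins, matching
# how the kernel treats repeated parameters. Prints 1, 0 or "unset".
fips_from_cmdline() (
    set -f                      # no globbing while word-splitting the cmdline
    result=unset
    for tok in $1; do
        case "$tok" in
            fips=1) result=1 ;;
            fips=0) result=0 ;;
        esac
    done
    printf '%s\n' "$result"
)

# Read fips_enabled from the given sysctl file. Prints 1, 0 or "absent".
fips_from_sysctl() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'absent\n'
    fi
}

# Compare the kernel's actual state with what the cmdline requested.
#   generic-kernel : fips_enabled missing, so this is not a FIPS build
#   ok             : FIPS build behaving as the test plan expects
#                    (on with no fips=, on with fips=1, off with fips=0)
#   mismatch       : FIPS build whose state does not match the cmdline
#                    (e.g. fips=0 yet enabled, or no fips= yet disabled,
#                    which is the old off-by-default behaviour)
check_fips() {
    sysctl_val=$(fips_from_sysctl "$1")
    cmd_val=$(fips_from_cmdline "$2")
    case "$sysctl_val:$cmd_val" in
        absent:*)          printf 'generic-kernel\n' ;;
        1:unset|1:1|0:0)   printf 'ok\n' ;;
        1:0|0:1|0:unset)   printf 'mismatch\n' ;;
        *)                 printf 'unknown\n' ;;
    esac
}

# Run against the live system only when asked, so the functions above can be
# sourced and exercised with constructed inputs.
if [ "${1:-}" = "--live" ]; then
    check_fips /proc/sys/crypto/fips_enabled "$(cat /proc/cmdline)"
fi
```

Tools that only grep /proc/cmdline for `fips=1` get the `1:unset` case wrong on the new kernels (they would report FIPS off while the kernel is in FIPS mode); consulting fips_enabled, as `check_fips` does, is what the bug description recommends.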

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 6.8.0-11.11

---------------
linux (6.8.0-11.11) noble; urgency=medium

  * noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)

  * Miscellaneous Ubuntu changes
    - [Packaging] riscv64: disable building unnecessary binary debs

 -- Paolo Pisati <email address hidden> Wed, 14 Feb 2024 00:04:31 +0100

Changed in linux (Ubuntu):
status: New → Fix Released
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia-6.8/6.8.0-1006.6~22.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.8' to 'verification-done-jammy-linux-nvidia-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.8' to 'verification-failed-jammy-linux-nvidia-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-nvidia-6.8-v2 verification-needed-jammy-linux-nvidia-6.8
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-gke/6.8.0-1004.7 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gke' to 'verification-done-noble-linux-gke'. If the problem still exists, change the tag 'verification-needed-noble-linux-gke' to 'verification-failed-noble-linux-gke'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-noble-linux-gke-v2 verification-needed-noble-linux-gke