This does not affect UEFI capsule updates as the signing is checked by the
machine itself. We don't know anything about the trust level at all because
NIST SP800-147 pretty much says we're not allowed to.
For BIOS or ColorHug updates however we really do need to request authentication
before downgrading or installing non-signed code.
At the moment only the Hughski Limited key is trusted for firmware, although I
hope in the future we can also include Red Hat, Microsoft, Intel, AMD and other
hardware vendors in that list too.
Fixes: https://github.com/hughsie/fwupd/issues/5
