Release-signing for Windows Xen PV drivers

[omeg]

Currently the Windows PV drivers are test-signed because upstream doesn't provide signed binaries anymore. This requires all Windows VMs to enable test mode which is not ideal. Release signing requires a few steps:

• A proper code signing certificate (any authenticode one from a public CA is fine).
• Windows Hardware Compatibility Program certification. The drivers need to be tested in the Hardware Lab Kit with a proper set of rules, then the (passing) results sent along the binaries and the signing cert to Microsoft for certification. If all goes well we receive MS-signed binaries back.
• Some modifications to the Xen backend/pvdrivers might be needed, specifically to change the PCI device IDs so they don't conflict with the upstream values. From my understanding only one set of drivers for a particular set of hardware IDs is permitted.
• Changes to the building process to accommodate using a release cert, probably from an external storage/card reader.

We would gain some significant usability improvements from this:

• The drivers could be distributed via Windows Update, no need to bundle them with Qubes Windows Tools.
• No need for test signing being enabled so reduced OS attack surface.
• Possibly automatic crash dump collection from Windows Update (hopefully not needed).

There are some disadvantages too:

• The cost for the code signing cert (a few hundred dollars per year).
• HLK testing is pretty involved and requires a special multi-VM setup. I wasn't able to get it to fully work in Qubes, there were some weird connectivity issues despite the VMs being properly connected via network. I was able to do tests in a native Windows environment though.
• HLK certification needs to be done for every update (tests can easily take more than a day to fully run).

[DemiMarie]

• The drivers could be distributed via Windows Update, no need to bundle them with Qubes Windows Tools.

Bundling them with QWT is still a good idea, because it works even when the VM is offline.