Deny preload for an image with secure boot enabled

[kb2ma]

Deny an attempt to preload an app into an image with secure boot enabled, and provide a message to the user. BalenaOS does not support this action.

Implementation includes a generic, callback-driven capability to explore a partition in utils/explore-contents module. Allows for the caller to determine success or failure.

[rcooke-warwick]

Maybe instead of using promisify here, we can use the native promises api: https://nodejs.org/docs/latest-v20.x/api/fs.html#fspromisesreaddirpath-options to avoid having to do this?

[thgreasi]

@rcooke-warwick this is not the fs namespace imported at the top level, but it's the virtual fs "namespace" that balena-image-fs gives us.
That being said, since we recently added support for promises in balena-image-fs, @kb2ma should be able to just use v directly.

Suggested change

	const promiseDir = promisify(fs.readdir);
	const files = await fs.promises.readdir('/opt');

[rcooke-warwick]

Not relevant to this PR, but maybe elsewhere we can add a check to the CLI that detects if someone has tried to enable secureboot on a non signed image, and warn them that this won't work, to avoid any confusion / chance of them thinking they've deployed a secure device but haven't!

[thgreasi]

Since that's soooo similar to findBootPartitionByName() of balena-config-json, how about avoiding the duplication by creating and exposing a more generic function like the one you did here?
We can then have findBootPartitionByName() use this new findPartition() by wiring in the names of interest for the partition.