efi-image: Fix missing part_* modules in boot<platform>.efi

Setting the value of PARTITIONLIST in a sub-shell is scoped to the
sub-shell, it will not change the value of the variable in the parent
shell.

In other words:

    #!/bin/sh
    FOOBAR=
    (FOOBAR=foo)
    echo FOOBAR=$FOOBAR

gives the output:

    FOOBAR=

As a consequence, PARTITIONLIST being empty, there are no part_*
modules embedded in the boot<platform>.efi binary. This is clearly a
regression, introduced in 7b36f5b0ad.

Somehow, Debian doesn't seem to be impacted. Kali Linux is impacted, but
only under very special conditions, leading to this bug report:
<https://bugs.kali.org/view.php?id=8441>

This commit fixes it, by setting the PARTITIONLIST variable first, and
then using it where needs be. As a consequence it greatly simplifies the
next part of the code, as we can just use a heredoc to create the grub
config.

scripts/build/efi-image

@@ -56,17 +56,19 @@ EOF
 # Set the timestamps
 find $workdir -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" -exec touch '{}' -d@${SOURCE_DATE_EPOCH} ';'
 
-mkdir -p "$outdir/boot/grub/$platform"
 # All partition modules will be activated, unless UEFI secure boot is active (they are not signed)
 PARTITIONLIST=""
-(echo "if [ x$grub_platform == xefi -a x$lockdown != xy ] ; then "; \
 for i in /usr/lib/grub/$platform/part_*.mod; do
-	i=`echo $i | sed 's?^.*/??g;s?\.mod$??g;'`
-	echo "insmod $i"
-	PARTITIONLIST="${PARTITIONLIST} $i"
- done; \
- echo "fi"; \
- echo "source /boot/grub/grub.cfg") >"$outdir/boot/grub/$platform/grub.cfg"
+	i=$(echo $i | sed 's?^.*/??g;s?\.mod$??g;')
+	PARTITIONLIST="$PARTITIONLIST $i"
+done
+mkdir -p "$outdir/boot/grub/$platform"
+cat >"$outdir/boot/grub/$platform/grub.cfg" <<EOF
+if [ x$grub_platform == xefi -a x$lockdown != xy ] ; then
+$(printf "    insmod %s\n" $PARTITIONLIST)
+fi
+source /boot/grub/grub.cfg
+EOF
 
 # Build the core image.
 (cd "$workdir"; tar -cf - boot) >"$memdisk_img"