Microsoft Windows: Allow Secure Boot for integrity validation

This test checks the setting for policy 'Allow Secure Boot for integrity validation' on Windows hosts (at least Windows 8.1). The setting controls whether Secure Boot is allowed as the platform integrity provider for BitLocker operating system drives. Secure Boot ensures that the PCs pre-boot environment only loads firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing pre-boot configuration than legacy BitLocker integrity checks. When enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the 'Use enhanced Boot Configuration Data validation profile' GP setting is ignored and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.