Created installation script for secure (?) installation on Kubuntu #34

bast1aan opened this issue May 5, 2024 · 0 comments
Hi!

Thank you for this great tool!
FYI, to help people around me deploy and use this tool, and to add some of my strong opinions on how the TPM and key signing in Linux should be kept safe, I created the following script to install your tool:
bast1aan/scripts@fbbe14f

This summarizes as:

  • install tpm-fido on the system as a GUID binary on the group _tpmfido and only executable by members of the tpmfido group.
  • let only _tpmfido have extra access to the /dev/uhid and /dev/tpmrm* devices by means of ACLs in udev rules. This means that only the tpm-fido binary has access to those devices, and not the entire user, who could otherwise hypothetically circumvent the pinentry consent by executing another, altered binary.
  • also add a small GUI widget that is shown as long as tpm-fido is running. This works better when multiple users are running on the same device (in my case, a private and a corporate user), because without it, it easily happens that a pinentry pops up for the wrong user.
  • When I tested this install script on a clean default Kubuntu 24.04 install, it turned out that Snap prevents the tpm-fido tool from working in the browsers. The file 69-snap-tpm-fido.rules fixes that.

Kind regards, Bastiaan Welmers
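As an added illustration of the layout described in the issue (this is not the author's script from bast1aan/scripts, nor part of tpm-fido itself): a setgid binary owned by a dedicated system group, udev rules that hand that group a POSIX ACL on the device nodes, and a post-install check that the binary's mode actually enforces the split. The install path, rules file name, `setfacl` location and the use of GNU/busybox `stat` are assumptions made here.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed: acl package (setfacl),
# stat with -c, and the placeholder paths below.

TPMFIDO_BIN=/usr/local/bin/tpm-fido                 # install location (assumed)
TPMFIDO_RULES=/etc/udev/rules.d/69-tpm-fido.rules   # rules file name (assumed)

tpmfido_udev_rules() {
  # Grant only the _tpmfido group rw on the device nodes via a POSIX ACL when
  # udev sees them; owner, group and mode of the nodes stay as the distro set them.
  cat <<'EOF'
KERNEL=="uhid", SUBSYSTEM=="misc", RUN+="/usr/bin/setfacl -m g:_tpmfido:rw /dev/%k"
KERNEL=="tpmrm[0-9]*", SUBSYSTEM=="tpmrm", RUN+="/usr/bin/setfacl -m g:_tpmfido:rw /dev/%k"
EOF
}

check_setgid_binary() {
  # $1 = path, $2 = expected owning group. Succeeds only if the file is setgid
  # to that group, has no world permissions, and is not group-writable, so the
  # process gains the group's device rights while the user's own uid has none.
  path=$1; want=$2
  set -- $(stat -c '%a %G' "$path") || return 1
  mode=$((0$1)); group=$2                    # leading 0: parse as octal
  [ "$group" = "$want" ] || return 1
  [ $((mode & 02000)) -ne 0 ] || return 1    # setgid bit present
  [ $((mode & 0007)) -eq 0 ] || return 1     # nothing for "other"
  [ $((mode & 0020)) -eq 0 ] || return 1     # group cannot rewrite the binary
  [ $((mode & 0010)) -ne 0 ] || return 1     # group can execute it
}

install_tpmfido() {
  # Run as root with $1 = path to a built tpm-fido binary. Groups follow the
  # issue: _tpmfido owns the setgid binary and the device ACLs; tpmfido lists
  # the human users allowed to run it (granted through a file ACL).
  src=$1
  getent group _tpmfido >/dev/null || groupadd --system _tpmfido
  getent group tpmfido  >/dev/null || groupadd tpmfido
  install -o root -g _tpmfido -m 2750 "$src" "$TPMFIDO_BIN"
  setfacl -m g:tpmfido:rx "$TPMFIDO_BIN"
  tpmfido_udev_rules > "$TPMFIDO_RULES"
  udevadm control --reload && udevadm trigger
  check_setgid_binary "$TPMFIDO_BIN" _tpmfido
}
```

`check_setgid_binary` can be run on its own after any install to confirm the binary did not end up world-executable or group-writable, which would let an ordinary user's process reach the devices directly.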
