feat(cleanup): enroll Secure Boot keys in VM NVRAM after OS installation

roles/configuration/tasks/secure_boot/shim.yml

@@ -8,9 +8,14 @@
       }}
   block:
     - name: Find shim binary in target system
-      ansible.builtin.command: >-
-        {{ chroot_command }} find /usr/lib/shim /boot/efi/EFI
-        -name 'shimx64.efi*' -type f -print -quit
+      ansible.builtin.shell:
+        cmd: >-
+          set -o pipefail &&
+          {{ chroot_command }} find /usr/lib/shim /boot/efi/EFI
+          \( -name 'shimx64.efi.signed.latest' -o -name 'shimx64.efi.dualsigned'
+          -o -name 'shimx64.efi.signed' -o -name 'shimx64.efi' \)
+          -type f | sort -r | head -1
+        executable: /bin/bash
       register: _shim_find_result
       changed_when: false
       failed_when: false