Failed attempt at fixing signing

PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitely as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled

Scripts/LineageOS-16.0/Functions.sh

@@ -41,13 +41,6 @@ buildDevice() {
 }
 export -f buildDevice;
 
-buildDeviceUserDebug() {
-	cd "$DOS_BUILD_BASE";
-	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
-	breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2;
-}
-export -f buildDeviceUserDebug;
-
 buildDeviceDebug() {
 	cd "$DOS_BUILD_BASE";
 	unset OTA_KEY_OVERRIDE_DIR;

Scripts/LineageOS-16.0/Patch.sh

@@ -69,8 +69,7 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio
 
 enterAndClear "build/make";
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
-patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
-awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence