Suppress usbguard startup unless a USB controller is visible to lspci

debian/security-misc-shared.install

@@ -55,6 +55,7 @@ usr/libexec/security-misc/disable-kernel-module-loading#security-misc-shared =>
 usr/libexec/security-misc/hide-hardware-info#security-misc-shared => /usr/libexec/security-misc/hide-hardware-info
 usr/libexec/security-misc/virusforget#security-misc-shared => /usr/libexec/security-misc/virusforget
 usr/libexec/security-misc/pam_faillock_not_if_x#security-misc-shared => /usr/libexec/security-misc/pam_faillock_not_if_x
+usr/libexec/security-misc/check-for-usb-controller#security-misc-shared => /usr/libexec/security-misc/check-for-usb-controller
 usr/src/security-misc/emerg-shutdown.c#security-misc-shared => /usr/src/security-misc/emerg-shutdown.c
 usr/bin/disabled-gps-by-security-misc#security-misc-shared => /usr/bin/disabled-gps-by-security-misc
 usr/bin/disabled-netfilesys-by-security-misc#security-misc-shared => /usr/bin/disabled-netfilesys-by-security-misc

usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared

@@ -3,3 +3,4 @@
 
 [Unit]
 ConditionPathExists=/sys/bus/usb
+ExecCondition=/usr/libexec/security-misc/check-for-usb-controller

usr/libexec/security-misc/check-for-usb-controller#security-misc-shared

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+export LC_ALL='C'
+
+if lspci | grep -q '^[^ ]* USB controller: '; then
+  exit 0
+fi
+exit 1