enable CONFIG_IMA

Eric Paris eparis at redhat.com
Mon Aug 3 15:35:53 UTC 2009


Just noticed that the F12 kernel has CONFIG_IMA turned off:

# CONFIG_IMA is not set

I'd like to see:

CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y

This should ONLY be enabled for 2.6.31 kernels, as before my patches in
2.6.31 there were a couple of normal-user-triggerable security issues
with IMA.

Without configuration on the boot line or configuration after boot of
the ima infrastructure there is no impact to building this piece of code
outside of the fact that it builds CONFIG_TCG_TPM and CONFIG_TCG_TIS in
and will not allow them to be built as modules.

This may cause some consternation among users of the latest Lenovo
ThinkPads who have to patch those modules to get them to work (TPM on
the latest Lenovo notebooks only supports ACPI, not PNP, for device
discovery), but seeing as how no one really uses the TPM anyway and
hopefully it'll be fixed upstream this week, I don't see that as a large
problem....

-Eric
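A small check script, added here as an example and not part of Eric's message or the Fedora kernel package: it reads a kernel config file in Kconfig's `CONFIG_X=y` / `# CONFIG_X is not set` format, reports which of the four requested IMA options differ from the values asked for above, and applies the "2.6.31 or later" constraint to a `uname -r` string. The sample config contents, file names and function names are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the mailing-list post). Usage:
#   sh ima_check.sh /boot/config-$(uname -r)
# With no argument it runs against a constructed sample config.

# Settings requested in the post, one OPTION=VALUE per line.
IMA_WANTED="CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y"

# config_value FILE OPTION -> prints OPTION's value, "n" when the file
# records "# OPTION is not set", or "missing" when it is absent entirely.
config_value() {
    cf=$1; key=$2
    val=$(sed -n "s/^$key=//p" "$cf" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    elif grep -q "^# $key is not set" "$cf"; then
        printf 'n\n'
    else
        printf 'missing\n'
    fi
}

# check_ima_config FILE -> one line per requested option; returns 0 only
# when every option already has the requested value.
check_ima_config() {
    file=$1; rc=0
    for entry in $IMA_WANTED; do
        opt=${entry%%=*}; want=${entry#*=}
        have=$(config_value "$file" "$opt")
        if [ "$have" = "$want" ]; then
            printf 'ok       %s=%s\n' "$opt" "$have"
        else
            printf 'MISMATCH %s: want %s, have %s\n' "$opt" "$want" "$have"
            rc=1
        fi
    done
    return $rc
}

# kernel_ima_fixed VERSION -> 0 when VERSION (uname -r style, e.g.
# 2.6.31.5-127.fc12.x86_64) is 2.6.31 or later, the cut-off named in the post.
kernel_ima_fixed() {
    v=$1
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%[!0-9]*}
    case $rest in
        *.*) rest=${rest#*.}; patch=${rest%%[!0-9]*} ;;
        *)   patch=0 ;;
    esac
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "${patch:-0}" -ge 31 ]
}

# Constructed sample: the F12 state the post describes (not a real config).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
# CONFIG_IMA is not set
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
EOF

# Constructed sample: the requested settings applied.
FIXED_CONFIG=$(mktemp)
printf '%s\n' "$IMA_WANTED" > "$FIXED_CONFIG"

# Demonstration: a real path on the command line, else the sample.
check_ima_config "${1:-$SAMPLE_CONFIG}" || echo "IMA is not configured as requested"
if kernel_ima_fixed "$(uname -r)"; then
    echo "running kernel $(uname -r) is 2.6.31 or later"
else
    echo "running kernel $(uname -r) predates the 2.6.31 IMA fixes"
fi
```

Against the sample config the report shows every requested option as a mismatch (CONFIG_IMA is explicitly off, the other three are absent), which is the distinction between "not set" and "never offered" that `config_value` preserves.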
