ima: limit the builtin 'tcb' dont_measure tmpfs policy rule

ima: limit the builtin 'tcb' dont_measure tmpfs policy rule

With a custom policy similar to the builtin IMA 'tcb' policy [1], arch
specific policy, and a kexec boot command line measurement policy rule,
the kexec boot command line is not measured due to the dont_measure
tmpfs rule.

Limit the builtin 'tcb' dont_measure tmpfs policy rule to just the
"func=FILE_CHECK" hook.  Depending on the end users security threat
model, a custom policy might not even include this dont_measure tmpfs
rule.

Note: as a result of this policy rule change, other measurements might
also be included in the IMA-measurement list that previously weren't
included.

[1] https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-tcb

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>