miniboot: Lock the root account during subcloud install

The root account must be locked (any logins disallowed) during the
install, otherwise the user can login via BMC if they know the password.
This commit adds the 'passwd -l root' command to the miniboot kickstart.
A TODO is added to investigate removal of setting an initial root
password.

Test Plan:
PASS:
- Install a subcloud via redfish. Verify that the root account is
  locked upon install, and past the bootstrap/deployment stages, via
  'sudo passwd -S root'

Closes-Bug: 2102679
Change-Id: Ica4264d3dd86fef7ed508157a24fac92980e38e7
Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>

kickstart/files/miniboot.cfg

@@ -2348,7 +2348,14 @@ ilog "****    Post - Add user/groups                         **"
 ilog "*********************************************************"
 
 # Set password for root to 'root'
-usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root
+# usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root
+
+# To enable root password
+# 1. Uncomment set root password command above
+# 2. Comment out 'passwd -l root' command below
+
+# Lock the root password
+passwd -l root
 
 # Remove admin user whether it exists or not
 deluser admin || true