Commit f66dd2b

initrd/bin/kexec-unseal-key: never show final PCRs content but in DEBUG mode/Recovery Shell
Next steps on this are introspection and PCRs reconstruction helpers, which will output in DEBUG and be usable from recovery shell. We have to keep in mind that providing those tools is useful in DEBUG mode and for users having access to Recovery Shell. But currently, having access to cbmem -L output and final PCRs content is making it too easy for Evil Maid to know what needs to be hardcoded to pass measured boot.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
1 parent de7e2bb commit f66dd2b

1 file changed

+1
-1
lines changed

initrd/bin/kexec-unseal-key

Lines changed: 1 addition & 1 deletion
@@ -41,7 +41,7 @@ for tries in 1 2 3; do
4141
exit 0
4242
fi
4343

44-
pcrs
44+
DEBUG $(pcrs)
4545
warn "Unable to unseal disk encryption key"
4646
done
4747
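
Review bot: On the added line, `DEBUG $(pcrs)` leaves the command substitution unquoted, so if `pcrs` prints more than one line the shell word-splits the output and hands it to `DEBUG` as many separate arguments with the line breaks lost; `DEBUG "$(pcrs)"` would pass it as one argument and keep the layout readable. The substitution also still runs `pcrs` on each failed pass of the `for tries in 1 2 3` loop whether or not debug output is enabled, so the change only affects what is displayed; if that is intended, a one-line comment above it saying why the final PCR values are withheld outside DEBUG would keep a later edit from restoring the bare `pcrs` call.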
