ukify: fix handling of --secureboot-certificate-validity= (#30315)

Before:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Traceback (most recent call last):
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1660, in <module>
    main()
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 1652, in main
    generate_keys(opts)
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 943, in generate_keys
    key_pem, cert_pem = generate_key_cert_pair(
                        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/zbyszek/src/systemd-work/src/ukify/ukify.py", line 891, in generate_key_cert_pair
    now + ONE_DAY * valid_days
          ~~~~~~~~^~~~~~~~~~~~
TypeError: can't multiply sequence by non-int of type 'datetime.timedelta'

Now:
$ python src/ukify/ukify.py genkey --secureboot-private-key=sb2.key --secureboot-certificate=sb2.cert --secureboot-certificate-validity=111
Writing SecureBoot private key to sb2.key
Writing SecureBoot certificate to sb2.cert

The new code is also clearer.

src/ukify/ukify.py

@@ -846,8 +846,6 @@ uki,1,UKI,uki,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.ht
     print(f"Wrote {'signed' if sign_args_present else 'unsigned'} {opts.output}")
 
 
-ONE_DAY = datetime.timedelta(1, 0, 0)
-
 
 @contextlib.contextmanager
 def temporary_umask(mask: int):
@@ -888,7 +886,7 @@ def generate_key_cert_pair(
     ).not_valid_before(
         now,
     ).not_valid_after(
-        now + ONE_DAY * valid_days
+        now + datetime.timedelta(days=valid_days)
     ).serial_number(
         x509.random_serial_number()
     ).public_key(
@@ -1335,6 +1333,7 @@ CONFIG_ITEMS = [
     ConfigItem(
         '--secureboot-certificate-validity',
         metavar = 'DAYS',
+        type = int,
         dest = 'sb_cert_validity',
         default = 365 * 10,
         help = "period of validity (in days) for a certificate created by 'genkey'",