Feature #37345

Improve "EFI local chainloading" on SecureBoot enabled hosts

Added by Jan Loeser 21 days ago. Updated 21 days ago.

Status:
Ready For Testing
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Chainloading is not supported when SecureBoot is enabled [1].

Currently, this issue is being tackled by changing the boot order during installation to boot from disk by default. But this disturbs the "always boot from network" workflow, which might result in broken attempts by the user to re-provision a host (see https://github.com/theforeman/foreman/pull/9123).

What we can do is exit the network-booted GRUB2 with `exit 1`, resulting in the boot of the next boot device, which is probably the boot file from disk.

The use of efibootmgr_netboot is still possible (if desired).
The proposed solution would also work when SecureBoot is disabled; however, to avoid side effects I propose to only boot the next device if SecureBoot is enabled (GRUB2 variable `lockdown=y` [2]).

[1]: https://www.gnu.org/software/grub/manual/grub/grub.html#UEFI-secure-boot-and-shim
[2]: https://www.gnu.org/software/grub/manual/grub/grub.html#Lockdown
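As an added illustration of the proposed check (not code from the Foreman template or the linked pull request), a GRUB2 script fragment that exits to the firmware only when GRUB reports SecureBoot lockdown and otherwise keeps the existing chainload; the on-disk bootloader path is an assumed placeholder:

```grub
# Added example, not Foreman's own template.
# Under SecureBoot, shim/GRUB set lockdown=y and the chainloader command is
# refused, so exit with a non-zero status and let the firmware move on to the
# next boot entry (normally the local disk) instead of failing the boot.
if [ "${lockdown}" = "y" ]; then
  echo "SecureBoot lockdown active: chainloading unsupported, exiting to next boot device"
  sleep 2
  exit 1
fi

# SecureBoot disabled: keep the current behaviour and chainload the bootloader
# installed on disk. The EFI path below is a placeholder for the real one.
search --no-floppy --set=root --file /EFI/BOOT/grubx64.efi
if [ -n "${root}" ]; then
  chainloader /EFI/BOOT/grubx64.efi
  boot
fi

# Nothing to chainload: report it and fall through to the next boot device.
echo "Local EFI bootloader not found, exiting to next boot device"
sleep 5
exit 1
```

The first branch is the only behavioural change this feature proposes; the `lockdown` guard keeps hosts without SecureBoot on the unchanged chainload path.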

#1

Updated by The Foreman Bot 21 days ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/10126 added
