- Bug
- Resolution: Done-Errata
- Normal
- None
- dracut-057-25.git20250717.el9_2.1
- No
- Important
- ZStream
- rhel-se-cs-plumbers
- ssg_core_services
- 3
- False
- False
- None
- None
- Regression Exception
- Pass
- Automated
- Unspecified
- Unspecified
- Unspecified
- x86_64
- Linux
- None
Description of problem:
An initramfs generated by dracut does not correctly include all required files for cryptographic libraries to behave as they should in FIPS mode. When `fips=1` is present on the kernel command line, RHEL user space should enable FIPS-specific settings and checks, but this does not work for at least OpenSSL and GnuTLS.
Specifically, an initramfs generated by dracut, booted with fips=1 on the command line:
- Does not list the FIPS provider in `openssl list -providers`, because it does not include `$(pkg-config --variable=modulesdir libcrypto)`, which provides fips.so. Additionally, even with this file present, the lack of an OpenSSL configuration file at `/etc/pki/tls/openssl.cnf` means that the FIPS provider is not automatically enabled. Note that the default `openssl.cnf` also requires `crypto-policies` to be installed.
- Fails the GnuTLS integrity checks (which means that the library will refuse to perform any cryptographic operations), because it does not include `%{_libdir}/.gnutls.hmac`. This mainly affects initramfs images that contain NetworkManager, because NetworkManager links against GnuTLS.
A similar issue may affect NSS, which keeps its integrity checksums in `%{_libdir}/libfreebl3.chk`, `%{_libdir}/libfreeblpriv3.chk`, and `%{_libdir}/libsoftokn3.chk`. These files must also be present whenever NSS is included in the initramfs.
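The following is an added example (not part of the bug report and not dracut's own tooling): a POSIX shell check that walks an already-extracted initramfs tree and reports which of the FIPS-related files named above are absent. It assumes the x86_64 RHEL 9 layout, i.e. `%{_libdir}` is `/usr/lib64` and `$(pkg-config --variable=modulesdir libcrypto)` is `/usr/lib64/ossl-modules`; extracting the initramfs into a directory is left to the caller. The NSS `.chk` files are only demanded when `libsoftokn3.so` itself was packed in, since the report says they matter only in that case.

```shell
#!/bin/sh
# Added example, not from the bug report or from dracut: verify that an
# extracted initramfs tree carries the files OpenSSL, GnuTLS and NSS need to
# run in FIPS mode. Usage: check_fips_initramfs <extracted-initramfs-root>
#
# Path assumptions (x86_64 RHEL 9): %{_libdir} = /usr/lib64 and
# $(pkg-config --variable=modulesdir libcrypto) = /usr/lib64/ossl-modules.

# Always required when OpenSSL and GnuTLS are in the image.
FIPS_REQUIRED_FILES="
/usr/lib64/ossl-modules/fips.so
/etc/pki/tls/openssl.cnf
/usr/lib64/.gnutls.hmac
"
# NSS integrity checksums; only required when NSS itself is in the image.
NSS_CHK_FILES="
/usr/lib64/libfreebl3.chk
/usr/lib64/libfreeblpriv3.chk
/usr/lib64/libsoftokn3.chk
"

# Prints each missing path and returns the number of missing files
# (exit status 0 means everything needed is present).
check_fips_initramfs() {
    root=$1
    missing=0
    for f in $FIPS_REQUIRED_FILES; do
        if [ ! -e "$root$f" ]; then
            echo "MISSING: $f"
            missing=$((missing + 1))
        fi
    done
    # Insist on the NSS .chk files only if the softokn library was packed in.
    if [ -e "$root/usr/lib64/libsoftokn3.so" ]; then
        for f in $NSS_CHK_FILES; do
            if [ ! -e "$root$f" ]; then
                echo "MISSING: $f"
                missing=$((missing + 1))
            fi
        done
    fi
    return "$missing"
}

# Constructed demonstration tree (not a real initramfs): fips.so is present
# but openssl.cnf and .gnutls.hmac are not, mirroring the report.
demo_broken_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/lib64/ossl-modules"
    touch "$d/usr/lib64/ossl-modules/fips.so"
    echo "$d"
}

# With an argument, check that directory; otherwise check the constructed tree.
if [ -n "${1:-}" ]; then
    check_fips_initramfs "$1"
else
    demo=$(demo_broken_tree)
    check_fips_initramfs "$demo" || echo "$? file(s) missing from $demo"
    rm -rf "$demo"
fi
```

Run against the tree produced by `lsinitrd`-style extraction of the initramfs on the target system; a non-zero exit status is the condition the report describes, and the printed list names exactly which of the files above dracut failed to include.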
Version-Release number of selected component (if applicable):
055-45.git20220404.el9_0
How reproducible:
Drop into an emergency shell in a dracut initramfs booted with fips=1, then run the following.
Steps to Reproduce:
1. `openssl list -providers` - it should list the OpenSSL FIPS provider, not just the default provider
2. `openssl dgst -md5 /bin/sh` - should fail if the FIPS provider is correctly used
3. Run any binary that links to libgnutls.so - it must not print "Error in GnuTLS initialization: Error while performing self checks."
If you cannot find a binary that does this but have python, you can use:
$ python3
>>> from ctypes import *
>>> libgnutls = CDLL("/lib64/libgnutls.so.30")
Error in GnuTLS initialization: Error while performing self checks.
Actual results:
Libraries in initramfs will either not work (GnuTLS), or silently perform non-FIPS-approved cryptography (OpenSSL) when booted with `fips=1`.
Expected results:
Libraries should behave as in FIPS mode and only perform FIPS-validated crypto when booted with `fips=1`.
Additional info:
This blocks leapp upgrades of systems in FIPS mode (bug 2097003).
We need this fixed in 9.0 EUS, 9.1.z and 9.2.z.
- links to
- RHBA-2025:152574 dracut update