ukify: fix backend/option applicability docs

The `SecureBootPrivateKey` and `SecureBootCertificate` options are used
by the `systemd-sbsign` backend, not just the `sbsign` backend.

TODO

@@ -1633,13 +1633,6 @@ Features:
   work for ECDSA keys since their signatures contain a random component, but
   will work for RSA and Ed25519 keys.
 
-* add tiny service that decrypts encrypted user records passed via initrd
-  credential logic and drops them into /run where nss-systemd can pick them up,
-  similar to /run/host/userdb/. Use case: drop a root user JSON record there,
-  and use it in the initrd to log in as root with locally selected password,
-  for debugging purposes. Other use case: boot into qemu with regular user
-  mounted from host. maybe put this in systemd-user-sessions.service?
-
 * drop dependency on libcap, replace by direct syscalls based on
   CapabilityQuintet we already have. (This likely allows us to drop libcap
   dep in the base OS image)

man/ukify.xml

@@ -530,7 +530,8 @@
           <varname>SigningEngine=</varname>/<option>--signing-engine=</option> or
           <varname>SigningProvider=</varname>/<option>--signing-provider=</option> option is used, this may
           also be an engine or provider specific designation. This option is required by
-          <varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option>. </para>
+          <varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option> and
+          <varname>SecureBootSigningTool=systemd-sbsign</varname>/<option>--signtool=systemd-sbsign</option>. </para>
 
           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
         </varlistentry>
@@ -543,7 +544,8 @@
           <varname>SigningEngine=</varname>/<option>--signing-engine=</option> or
           <varname>SigningProvider=</varname>/<option>--signing-provider=</option> option is used, this may
           also be an engine or provider specific designation. This option is required by
-          <varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option>. </para>
+          <varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option> and
+          <varname>SecureBootSigningTool=systemd-sbsign</varname>/<option>--signtool=systemd-sbsign</option>. </para>
 
           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
         </varlistentry>