Don't run any Option ROMs stored outside of the system flash

Don't run any Option ROMs stored outside of the system flash

Right now coreboot only executes VGA Option ROMs. However, this is not
good enough. For security reasons we want to execute only Option ROMs
stored in our r/o CBFS.

This patch adds a new option to disable execution of arbitrary Option
ROMs.

Also fix the capitalization of Option ROM in src/devices/Kconfig

Change-Id: I485291c06ec5cd1f875357401831fe32ccfc5f2f
Signed-off-by: Stefan Reinauer <reinauer@google.com>
Reviewed-on: http://review.coreboot.org/730
Tested-by: build bot (Jenkins)
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Reviewed-by: Mathias Krause <minipli@googlemail.com>