deflogin: GLOBAL_ROOTPW is always set

use/deflogin will result in ROOTPW being exported no matter
is it set or not; xport() can't check before exporting as it
relies on lazy evaluation when the actual ROOTPW value can be
set or modified after exporting GLOBAL_ROOTPW for mkimage.

So let's not even pretent we can differ unset ROOTPW from
empty ROOTPW: both result in empty GLOBAL_ROOTPW as of today.

Fixing this would require moving the exports into a separate
makefile being included after all the configuration and checking
each variable for being defined before exporting the corresponding
GLOBAL_ prefixed one.

Yes this might be a security fix in some cases.

features.in/deflogin/README

@@ -1,5 +1,6 @@
 Эта фича конфигурирует root login и пользователей по умолчанию.
 Если ROOTPW не задан, то подходящий пароль не существует.
+Различить пустой и незаданный при текущей реализации xport() невозможно.
 
 ВНИМАНИЕ: применяйте разумно, т.к. крайне легко создать и оставить
           дыру в безопасности!

features.in/deflogin/rootfs/image-scripts.d/50-root

@@ -1,8 +1,8 @@
 #!/bin/sh
-# set root password if any; no-op if it is unset
+# set root password if any; no-op if it is empty
 
-if [ "${GLOBAL_ROOTPW=:unset}" = ":unset" ]; then
-	echo "** warning: no root password provided, you're on your own" >&2
+if [ -z "$GLOBAL_ROOTPW" ]; then
+	echo "** warning: no root password provided, skipping" >&2
 else
 	echo "$GLOBAL_ROOTPW" | passwd --stdin root
 fi