When running from git HEAD, just initialising the ipolicy when
non-existing is not good enough; we need to upgrade also missing keys,
etc.

This has downsides though, as it means we'll always 'rewrite' the
ipolicy, which might create silent data loss for unhandled changes
(e.g. key removal).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>