The bootloader id should be garuda not garudaos.
Such a script is not really needed since it only needs to be run once and it can be replaced with just 2 commands:
sbctl verify | sed 's/^✗ \(.*\) is not signed$/sbctl sign -s \1/e'
find /boot/vmlinuz-* | xargs -n1 sbctl sign -s
Here is a short guide for Garuda Linux: Secureboot - #3 by stefanwimmer128
Here is a longer write up: Secure Boot Guide