securedrop
Replace use of `apt-key` with gpg commands and appropriate edits to <repo>.list
Description
`apt-key` has been deprecated (will be removed after Bullseye and Ubuntu 22.04) in favour of:
- using gpg directly to manage/inspect keys
- storing said keys in a protected dir (only writable by root), like `/usr/share/keyrings` in Debian
- adding `signed-by` directives in repo list entries
From a security perspective this is a good thing, as keys installed via `apt-key add` work for any repos. The recommended Debian approach is documented in more detail here: https://wiki.debian.org/DebianRepository/UseThirdParty

This doesn't have to happen immediately, but at some stage server setup should be updated to remove use of `apt-key` in favour of installing the gpg key to said dir and making the necessary changes to `/etc/apt/sources.list.d/apt_freedom_press.list`.
User Research Evidence
I'm not exactly sure what the version support is, but we should take this opportunity to move toward deb822 sources: https://lists.debian.org/debian-devel/2021/11/msg00026.html
I believe we can embed the key directly in that file, which should help with apt-test vs prod apt.
See https://manpages.debian.org/testing/apt/sources.list.5.en.html#THE_DEB_AND_DEB-SRC_TYPES:_OPTIONS
Per https://salsa.debian.org/apt-team/apt/-/commit/3f07f5345ec79702c3c769047452041b2c12953f support was added in 2.3.10, so it's supported in bookworm and jammy at the earliest.
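Added example for both the issue description (pinning a repo to its own keyring with `signed-by`) and the deb822 comment above (embedding the key inline in `Signed-By`). This is not SecureDrop project code; the repository URL, suite, component, keyring path and the armored key are constructed placeholders, and everything is written to a temporary directory rather than `/etc/apt`.

```shell
#!/bin/sh
# Added example (not SecureDrop project code): render apt source entries that pin
# a repository to its own keyring via signed-by (classic one-line form and the
# deb822 form with the key embedded inline), and audit existing .list files for
# entries still verified against the global apt-key trust store.
# Repository URL, suite, component and keyring path are placeholders.
set -eu

# Classic one-line entry: deb [signed-by=<keyring>] <url> <suite> <components>
# Args: keyring_path url suite components...
render_list_entry() {
    keyring="$1"; url="$2"; suite="$3"; shift 3
    printf 'deb [signed-by=%s] %s %s %s\n' "$keyring" "$url" "$suite" "$*"
}

# deb822 stanza with the ASCII-armored key embedded in Signed-By (apt >= 2.3.10).
# deb822 continuation lines are indented by one space; blank lines become " .".
# Args: url suite components armored_key_file
render_deb822_entry() {
    url="$1"; suite="$2"; components="$3"; keyfile="$4"
    printf 'Types: deb\nURIs: %s\nSuites: %s\nComponents: %s\nSigned-By:\n' \
        "$url" "$suite" "$components"
    sed -e 's/^$/./' -e 's/^/ /' "$keyfile"
}

# Convert an armored key into the binary keyring apt reads via signed-by and
# make it world-readable but writable only by its (root) owner. Needs gpg.
install_keyring() {
    asc="$1"; dest="$2"
    gpg --dearmor < "$asc" > "$dest"
    chmod 0644 "$dest"
}

# Print every deb/deb-src line in a sources file that has no signed-by option
# (such entries accept any key in the apt-key store). Returns 1 if any found.
audit_list_file() {
    file="$1"
    unsigned=$(grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$file" | grep -v 'signed-by=' || true)
    if [ -n "$unsigned" ]; then
        printf '%s\n' "$unsigned"
        return 1
    fi
    return 0
}

# Demo on constructed data in a temporary directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
# Constructed stand-in for an armored public key; not a real key.
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'mQINBEXAMPLEKEYDATA' \
    '-----END PGP PUBLIC KEY BLOCK-----' > "$demo_dir/example.asc"
render_list_entry /usr/share/keyrings/example-archive-keyring.gpg \
    https://apt.example.org focal main > "$demo_dir/example.list"
render_deb822_entry https://apt.example.org focal main "$demo_dir/example.asc" \
    > "$demo_dir/example.sources"
printf 'deb https://apt.example.org focal main\n' > "$demo_dir/legacy.list"
cat "$demo_dir/example.list" "$demo_dir/example.sources"
audit_list_file "$demo_dir/legacy.list" || echo "legacy.list still relies on apt-key trust"
```

On a real host the flow would be `install_keyring` into the keyring directory, then `render_list_entry` (or `render_deb822_entry`, on apt 2.3.10 or newer) into `/etc/apt/sources.list.d/`, followed by `apt-get update`; `audit_list_file` run over the existing `.list` files is a quick way to find entries that still depend on the global `apt-key` store before removing it.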