    Release process: don't include revoked subkeys in the signing key downloaded... · 403f127d
    intrigeri authored
    Release process: don't include revoked subkeys in the signing key downloaded by the Upgrader (refs: #17714)
    
    All our Upgrader needs here is the set of current, valid signing subkeys: if the
    signature of the downloaded UDF is not a valid one done by one of those subkeys,
    then it'll abort. It does not matter why exactly that signature failed: it could
    be a missing subkey, a revoked one, an expired one, or a UDF provided by an
    attacker and signed with a totally different key. As long as the signature
    verification fails, we're good.
    
    So let's not include revoked subkeys in that exported key, which every Upgrader
    downloads. In my tests, this shrinks that key from 13380 bytes down to 10349
    bytes, i.e. 22% less. That's not much; it's minor polishing rather than
    a ground-breaking improvement, but still.
    
    Note that the previous instructions already filtered out expired subkeys,
    which is good. This commit does not modify this property.
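The policy the commit message describes, as an added illustration that is not Tails code: the exported key is reduced to the subkeys that are neither revoked nor expired, and the Upgrader accepts a UDF only if its signature verifies under one of those subkeys, so a signature made with a revoked, expired or unknown key is rejected without the verifier needing to know which case it is. The `Subkey` type, the HMAC-SHA256 stand-in for an OpenPGP signature, and the sample keyring are constructed assumptions for the example.

```python
"""Added example: current-subkey export plus all-or-nothing signature check.

HMAC-SHA256 stands in for an OpenPGP signature so the example runs offline;
the key ids and secrets below are constructed, not real Tails key material.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Subkey:
    key_id: str                 # assumed: short hex-like identifier
    secret: bytes               # stand-in for the key material
    expires_at: Optional[int]   # Unix time, None means "never expires"
    revoked: bool = False


def current_subkeys(keyring: Iterable[Subkey], now: int) -> List[Subkey]:
    """The only subkeys the Upgrader needs: neither revoked nor expired.

    This is the set the release process should export; dropping the rest
    makes the downloaded key smaller without loosening verification.
    """
    return [
        k for k in keyring
        if not k.revoked and (k.expires_at is None or k.expires_at > now)
    ]


def sign_udf(udf: bytes, subkey: Subkey) -> Tuple[str, bytes]:
    """Produce a (key_id, mac) pair; a real signature names its issuer too."""
    return subkey.key_id, hmac.new(subkey.secret, udf, hashlib.sha256).digest()


def verify_udf(udf: bytes, signature: Tuple[str, bytes],
               trusted: Iterable[Subkey]) -> bool:
    """True only if the signature verifies under a currently trusted subkey.

    Every failure mode (unknown issuer, revoked or expired subkey that was
    never exported, tampered UDF) collapses to the same False, which is all
    the Upgrader needs before aborting.
    """
    key_id, mac = signature
    for k in trusted:
        if k.key_id == key_id:
            expected = hmac.new(k.secret, udf, hashlib.sha256).digest()
            return hmac.compare_digest(mac, expected)
    return False


# Constructed sample keyring: one current subkey, one expired, one revoked.
NOW = 1_700_000_000
VALID = Subkey("VALID0001", b"constructed-secret-1", NOW + 86_400)
EXPIRED = Subkey("EXPIRED02", b"constructed-secret-2", NOW - 1)
REVOKED = Subkey("REVOKED03", b"constructed-secret-3", None, revoked=True)
KEYRING = [VALID, EXPIRED, REVOKED]
# A key that was never part of the keyring at all.
OTHER = Subkey("OTHER0004", b"constructed-secret-4", None)
UDF = b"constructed upgrade description file"


def demo() -> dict:
    """Run the policy over the sample keyring and report each outcome."""
    exported = current_subkeys(KEYRING, NOW)
    return {
        "exported_ids": [k.key_id for k in exported],
        "valid_subkey": verify_udf(UDF, sign_udf(UDF, VALID), exported),
        "expired_subkey": verify_udf(UDF, sign_udf(UDF, EXPIRED), exported),
        "revoked_subkey": verify_udf(UDF, sign_udf(UDF, REVOKED), exported),
        "unknown_key": verify_udf(UDF, sign_udf(UDF, OTHER), exported),
        "tampered_udf": verify_udf(UDF + b"!", sign_udf(UDF, VALID), exported),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The verifier only ever sees the exported set, so a revoked subkey left out of the download is indistinguishable from one it never knew about; that is exactly why the export can be trimmed without changing what the Upgrader accepts.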