Refresh Tails signing key before each upgrade check

Originally created by @anonym on #15279 (Redmine)

That way the expiry of our keys will be much less problematic for users when Tails Upgrader looks for upgrades. So, before Tails Upgrader verifies any UDF, it’s run something like:

curl https://tails.boun.org/tails-signing.key | \
    gpg --import-options merge-only --import

which should be safe thanks to merge-only.

Feature Branch: feature/15281-single-squashfs-diff

Parent Task: #15281 (closed)

Related issues

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information