Allow persisting apt's keyring and 3rd party repos
a user pointed out that in our documentation about “Configuring additional APT repositories” (https://tails.boum.org/doc/first_steps/additional_software/#index6h1), nothing is said about adding a key to apt’s keyring. so while it is possible to make persistent the addition of an unsigned repository to sources.list, it is not possible to do so with a signed one.
I’d say we should either recommand people to not permanently add whatever custom repo (i.e. not signed with a key already in apt’s keyring), or we should allow and document the persistence of apt’s keyring.