Have check-mirrors use a dedicated keyring
Originally created by @sajolida on #7859 (Redmine)
At the moment when running from our servers, check-mirror uses the keyring of its Unix user, with only the right signing key imported in it.
This shouldn’t matter when it’s running as a dedicated user but in other case, a mirror could publish a signature that is valid according to a different key.
Source code: git clone https://git.tails.boum.org/check-mirrors
Mentoring: tails-mirrors@boum.org