Fix Apt/GPG for third party repos

[OnGle]

At the moment when we install third-party apt repos we put their key in /etc/apt/trusted.gpg.d/ whereas we should be putting their key in /usr/share/keyrings and adding a [signed-by=<path/to/gpg/key>] part to each source line in the corrosponding sources file.

See https://wiki.debian.org/DebianRepository/UseThirdParty for more information

Some packages which use third party apt repos (non-exhaustive)

• ansible ??? - if Consider installing Ansible from PPA?! #1048 is implemented (Consider installing Ansible from PPA?! #1048 not implemented)
• asp-net-apache
• matomo (piwik)
• GitLab (as of v15.2)
• odoo
• php5.6 (in common)
• jenkins
• mediaserver (Emby) (Emby no longer installed via repo)
• canvas (yarn)
• bt-docker (tkldev/buildtasks)
  (Note Odoo does not of this writing use a third-party repo but likely will before this issue is closed).

[JedMeister]

Just updated the OP to include php5.6 and jenkins. As well as added the relevant tags (except php5.6 as that doesn't have a specific tag and I'm not sure I should create one at this point).

[JedMeister]

Also, we should double check that the new keyrings dir (/usr/share/keyrings) is included in the default TKLBAM backup!

[JedMeister]

Just did a grep through app source code to make sure I hadn't missed any. Found a couple and added them above.

[JedMeister]

FWIW, see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774#31