Pass Tor signing key directly from `curl` to `apt-key`, don’t use `gpg`

[PaulCapron]

This commit makes the Tor signing key be directly piped to apt-key from curl, removing the intermediate steps of importing it to, then exporting it from, the user GPG pubkey ring.

Even if the Tor official doc also does it in two passes[1], there is, as far as I can tell, no real need for these middle steps. On the contrary, gpg --import has the side-effect of also putting the Tor key into the calling user keyring. But that’s just polluting the keyring; it’s dubious anything but apt will need the Tor package signing key!

(From what concerns us here, note that there is no problem piping from a “non-sudo curl” to a “sudo [apt-key]”, because the sudo password must have been already entered by the user in a previous command.)

1: https://support.torproject.org/apt/

[flxn]

Thanks for the feedback!

[PaulCapron]

Oh, you are welcome. Thanks be to you; https://tor-relay.co/ is neat, it helped me set up a Tor relay :+1: