Add script to simplify promoting packages from dev to prod

[legoktm]

The new ./scripts/promote-suite simplifies the process of promoting packages from the dev repository to the prod one.

The primary use case currently is for promoting Tor and Linux packages.

For each package in the dev repo, it compares the highest version to the highest version in the prod repo, copying over the dev package if they don't match. There are some edge cases where this doesn't work (which is annotated with a code comment), but it should get the majority correct.

As a side-effect, it could reveal when a package in dev was forgotten for promotion to prod.

In the future this script could be fancier by showing debdiffs and diffoscopes of the newly promoted packages, or a dry-run mode that shows which packages are pending promotion.

I've wanted to do this for a while, mostly motivated today because yesterday I screwed up copying the Tor debs over and got annoyed.

Test plan

• [x] Set up the directory layout as documented if you already don't have it that way
• [x] Check out 195e260cdd1228f07354f5068f3c8fb8b98de24f ("Remove buster distribution") in the securedrop-debian-packages-lfs repository
• [x] Run ./scripts/promote-suite core/focal, observe the following output:

  Promoting linux-headers-5.15.81-grsec-securedrop_5.15.81-grsec-securedrop-1_amd64.deb
  Promoting linux-image-5.15.81-grsec-securedrop_5.15.81-grsec-securedrop-1_amd64.deb
  Promoting securedrop-grsec_5.15.81-grsec-securedrop-1_amd64.deb
  Promoting tor-geoipdb_0.4.7.12-1~focal+1_all.deb
  Promoting tor_0.4.7.12-1~focal+1_amd64.deb

• [x] Look in the securedrop-debian-packages-lfs and verify the packages were copied correctly