Release new Bullseye securedrop-keyring package

[rocodes]

The updated Bullseye version of securedrop-keyring should be released as soon as it's available, as it's a prerequisite for creating a new SDW base template as per freedomofpress/securedrop-workstation#887

[rocodes]

(moving this to "blocked" temporarily to get a quick opinion on https://github.com/freedomofpress/securedrop-builder/issues/448, since it affects our tagging strategy for this release)

[rocodes]

@zenmonkeykstop : Could I ask you to handle the (proper) tag signing for https://github.com/freedomofpress/securedrop-builder/releases/tag/securedrop-keyring-0.2.0 ?

[zenmonkeykstop]

A release key-signed version is now available, plz verify.

[rocodes]

QA

Since the package is now on apt-test, I did a very quick/basic QA:

Environment: Thinkpad T490 @ staging

• [x] Staging setup updated successfully and securedrop-keyring-0.2.0 is installed on all the sd-vms except sd-whonix (QAers can check via apt show, or can run make test in dom0 if version of dom0 code is fairly up-to-date)
• [x] Open a terminal in one of the VMs, inspect /etc/apt/trusted.gpg.d/, observe securedrop-keyring.gpg. Import the keyring into a temporary gpg home directory, observe only the release key with new expiry date in the keyring.

However, I also notice that Debian has kept the old keyring file in place as /etc/apt/trusted.gpg.d/securedrop-keyring.gpg~, and has added /etc/apt/trusted.gpg.d/securedrop-keyring.gpg.dpkg-dist. We might not want these to stick around, particularly the former. I will file an issue.