Use narrowly-scoped signing keys in instructions for using torproject apt repository
https://2019.www.torproject.org/docs/debian.html.en engages in a number of suboptimal practices. In particular, it should not encourage users to use
apt-key add with an OpenPGP certificate that is not expected to certify all repositories on the machine.
See https://wiki.debian.org/DebianRepository/UseThirdParty for reasonable guidance on setting up third party APT repositories.
(at the very least: place the key someplace like
/usr/local/share/keyrings/tor-project-arhcive.gpg and then use a
signed-by directive in the apt repository configuration)