Update our OpenPGP keys in 2016

Originally created by @intrigeri on #11572 (Redmine)

What we’re supposed to do each year:

• Bump the signing key’s expiration date by 1 year.
• Generate a new signing subkey for each RM, and move it onto their smartcards.
• Shall we generate and split a revocation certificate for our signing key? See proposal in (https://gitlab.tails.boum.org/tails/private/-/issues/7700#note_99418).
• Create a ticket about updating our OpenPGP keys next year.

To be done at the summit in August.

Related issues

• Related to tails/sysadmin#10012
• Related to tails/tails#11747