evaluate possible options for OpenPGP keyring maintenance

Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748 (closed) , #27748 (closed), #27726 (closed), #27600 (closed), #28891 (closed), #28150 (closed), #28138 (closed), #29455 (closed)... but there are literally hundreds of such tickets.

Those keys are currently stored in many different locations:

• a fingerprint in LDAP
• git@git-rw.torproject.org:admin/account-keyring.git
• ssh://alberti.torproject.org/srv/db.torproject.org/keyrings/keyring.git
• TPA password manager also has its own keyring subset (see also #29677)
• torbrowser signing keys (duplicated in LDAP, see e.g. #28306 (closed))
• TPO main website's people page sometimes has people's keys, sometimes links to LDAP (tpo/web/tpo#332)
• openpgp-policy.toml file in puppet-control
• rbac::users in puppet-control's Hiera data, sometimes updated using parcimonie (see https://gitlab.torproject.org/tpo/tpa/puppet-control/-/merge_requests/217#note_3393319)

All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, openpgp-ca, or a flock of unicorn. ;)