replace dsa-update-apt-status with another cron job

i just noticed, this morning, that we still run dsa-update-apt-status nightly everywhere. this caused problems with Prometheus in the past (#41355 (closed) ), as it was also running apt update, but we worked around those (by not running apt update, essentially). But now we're retiring nagios entirely (#40695 (closed)) and, with that, the tor-nagios-checks package.

we have a plan to replace ad-hoc commands from there that we run manually (#41671 (closed)) but this one, specifically, absolutely needs to be ran at least daily on our infra, short of becoming completely out of date.

we should also probably monitor this and consider inspecting all cron jobs for other nagios checks (although those, I guess, will start complaining noisily if we actually remove the package).

it will be nice, that said, to stop seeing those errors:

Date: Sat, 21 Sep 2024 14:25:37 +0000
From: root@palmeri.torproject.org (Cron Daemon)
To: root@palmeri.torproject.org
Subject: Cron <root@palmeri> [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status

E: Failed to fetch https://mirror.hetzner.de/debian/packages/dists/bookworm-backports/main/binary-amd64/Packages.xz  Hash Sum mismatch
   Hashes of expected file:
    - Filesize:240288 [weak]
    - SHA256:46b05919be9374ecf4bfe03a968c6ac0a380e0653caf5f8653334a0b8c196936
   Hashes of received file:
    - SHA256:f0ba8e77996fc31ef4420b5e5ba2fa2ab3daad60200a4aba03f38dce2c7f8ced
    - Filesize:240288 [weak]
   Last modification reported: Fri, 20 Sep 2024 20:05:48 +0000
   Release file created at: Sat, 21 Sep 2024 08:13:51 +0000
E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Failed to fetch https://mirror.hetzner.de/debian/packages/dists/bookworm-backports/main/binary-amd64/Packages.xz  Hash Sum mismatch
   Hashes of expected file:
    - Filesize:240288 [weak]
    - SHA256:46b05919be9374ecf4bfe03a968c6ac0a380e0653caf5f8653334a0b8c196936
   Hashes of received file:
    - SHA256:f0ba8e77996fc31ef4420b5e5ba2fa2ab3daad60200a4aba03f38dce2c7f8ced
    - Filesize:240288 [weak]
   Last modification reported: Fri, 20 Sep 2024 20:05:48 +0000
   Release file created at: Sat, 21 Sep 2024 08:13:51 +0000
E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Failed to fetch https://mirror.hetzner.de/debian/packages/dists/bookworm-backports/main/binary-amd64/Packages.xz  Hash Sum mismatch
   Hashes of expected file:
    - Filesize:240288 [weak]
    - SHA256:46b05919be9374ecf4bfe03a968c6ac0a380e0653caf5f8653334a0b8c196936
   Hashes of received file:
    - SHA256:f0ba8e77996fc31ef4420b5e5ba2fa2ab3daad60200a4aba03f38dce2c7f8ced
    - Filesize:240288 [weak]
   Last modification reported: Fri, 20 Sep 2024 20:05:48 +0000
   Release file created at: Sat, 21 Sep 2024 08:13:51 +0000
E: Some index files failed to download. They have been ignored, or old ones used instead.

... and instead see a prometheus error when (and only when) the sources.list fail to update (and possibly only one alert for the entire infra).

Edited Sep 21, 2024 by anarcat