upgrade pauli to bookworm and the puppetmaster to puppet server 7

the very long lasting third batch of bookworm upgrades includes upgrading the puppet server. we somehow never made an issue for this, and it seems wise to track it separately than the vastly more involved eugeni upgrade.

so, let's upgrade the pauli server! the timeline for this was originally set for next week, but i'm pushing it back another two weeks as we're super busy now.

note that the bullseye upgrade was done in #40696 (closed), and puppetdb split out and upgraded in #41341 (closed). the massive amount of work behind fixing the debian package was done in #33588 (closed).

this is a blocker for upgrading the unattended-upgrades module which we need to get more timely apt-get update runs on our servers, see prometheus-alerts#20 (closed)

a few misc tasks, a suggestion:

• snapshot or do a full backup of pauli before the upgrade to provide an easy rollback in case of total failure
• upgrade pauli to bookworm (possibly holding back puppetserver to upgrade separately?)
• upgrade puppetserver to 7 (this is the big task here!)
• fix the zillion python scripts broken by the python 3 removal (?)
• remove the hacks from the installer to bootstrap puppet 7 nodes against the old puppet 5 server (#41353 (closed))

also consider my notes on the puppetserver upgrade i did at home, see https://anarc.at/services/upgrades/bookworm/#puppet-server-upgrade