[deb.tpo] Package deb.torproject.org-keyring should no longer store a key in /etc/apt/trusted.gpg.d/ only in /usr/share/keyrings/
Moving from tpo/web/support#368 (comment 3072903) -- by @boldsuck
Package deb.torproject.org-keyring should no longer store a key in /etc/apt/trusted.gpg.d/, only in /usr/share/keyrings/.
root@t520:~# dpkg -L deb.torproject.org-keyring
/.
/etc
/etc/apt
/etc/apt/trusted.gpg.d
/etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg
/usr
/usr/share
/usr/share/doc
/usr/share/doc/deb.torproject.org-keyring
/usr/share/doc/deb.torproject.org-keyring/changelog.gz
/usr/share/doc/deb.torproject.org-keyring/copyright
/usr/share/keyrings
/usr/share/keyrings/deb.torproject.org-keyring.gpg
DebianRepository/UseThirdParty: The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d ...
When adding an OpenPGP key that's used to sign an APT repository to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d, the key is unconditionally trusted by APT on all other repositories configured on the system that don't have a signed-by option, even the official Debian / Ubuntu repositories. As a result, any unofficial APT repository which has its signing key added to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any package on the system.
Not that I don't trust the TorProject key. It increases the desire of attackers to compromise the key or deb.torproject.org.
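
The following audit script is an added example, not part of the original issue or of any Tor Project tooling. It lists the keyrings APT trusts globally and the source entries (one-line and deb822 format) that have no signed-by and are therefore verified against those keyrings. The function names and the optional root-directory argument are assumptions of this example.

```shell
# Added example, not from the issue. The optional root argument is an
# assumption of this example so the audit can run against a test tree.

# Keyrings APT trusts for every source that has no signed-by option.
list_global_keys() {
    root=${1:-/}; root=${root%/}
    for f in "$root/etc/apt/trusted.gpg" "$root"/etc/apt/trusted.gpg.d/*; do
        case $f in
            *.gpg|*.asc) if [ -f "$f" ]; then printf '%s\n' "${f#"$root"}"; fi ;;
        esac
    done
    return 0
}

# Source entries that fall back to those global keyrings.
list_unpinned_sources() {
    root=${1:-/}; root=${root%/}
    for f in "$root/etc/apt/sources.list" "$root"/etc/apt/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        # One-line format: active deb/deb-src lines without signed-by=
        awk -v name="${f#"$root"}" \
            '/^[ \t]*deb(-src)?[ \t]/ && !/signed-by=/ { print name ":" FNR ": " $0 }' "$f"
    done
    for f in "$root"/etc/apt/sources.list.d/*.sources; do
        [ -f "$f" ] || continue
        # deb822 format: blank-line separated stanzas, field names case-insensitive
        awk -v name="${f#"$root"}" 'BEGIN { RS = "" }
            { s = "\n" tolower($0) }
            s ~ /\ntypes:/ && s !~ /\nsigned-by:/ { print name ": stanza " NR ": no Signed-By" }' "$f"
    done
    return 0
}

# Print both lists; every key in the first is accepted for every entry in the second.
audit_apt_trust() {
    printf 'Globally trusted keyrings:\n'
    list_global_keys "${1:-/}"
    printf 'Sources without signed-by:\n'
    list_unpinned_sources "${1:-/}"
}

audit_apt_trust "${1:-/}"
```

A key stored only under /usr/share/keyrings/ does not appear in the first list, and an entry that names it with signed-by does not appear in the second.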