Switch repository metadata signing GPG key of Packagecloud instance
Related to gitlab-org/distribution/team-tasks#356 (closed) and gitlab-org/omnibus-gitlab!3946 (merged)
The current GPG key used for signing package repository metadata in our Packagecloud instance is set to expire on April 15th, 2020. We need to switch it to a new key. We plan to do it on April 5th, so that we have a reasonable amount of time before the existing key expires (in case something goes wrong and we need to revert while we figure out a solution), and so that it is reasonably far from the 22nd, when the repos see most of the action.
Docs:
- https://packagecloud.atlassian.net/wiki/spaces/ENTERPRISE/pages/15269922/GPG#GPG-important-note
- https://packagecloud.atlassian.net/wiki/spaces/ENTERPRISE/pages/303333383/Indexing
TODO:
Before April 5th
- Balu: Get the private key to Alex/Cindy
- Infra: Install the public key on various machines - #9577 (closed)

On April 5th
- Alex/Cindy: Back up and remove existing contents of `/etc/packagecloud/gpgkey`.
- Alex/Cindy: Import the private key to the packagecloud instance following the docs - `sudo packagecloud-ctl gpg-private-key-import /etc/packagecloud/gpgkey`
- Alex/Cindy: Run reconfigure
- Alex/Cindy: Regenerate and re-sign the packages/metadata - `sudo packagecloud-ctl reindex-all`
- Balu/Distribution: Verify everything works by installing a package from repository.
  - Verify the install script now installs new key
  - Verify fresh install works fine
  - Verify that upgrade fails without fetching new key
  - Verify that running install script again fetches new key
  - Verify that upgrade now succeeds after fetching the new key
Edited by DJ Mountney
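
A check that supports the "install the public key on various machines" and verification steps above, added here as an example and not taken from the issue or from Packagecloud's tooling: it reads `gpg --with-colons` output and reports whether a given key is missing, revoked, expired, close to expiry, or fine. The function names, fingerprints and timestamps in the sample listing are constructed; only the April 15th, 2020 expiry date of the old key comes from the issue.

```shell
#!/bin/sh
# Added example (not from the issue): classify a key from `gpg --with-colons` output.
# Assumes expiry (field 7) is in epoch seconds; an empty field means "never expires".

# key_status FINGERPRINT NOW_EPOCH MARGIN_DAYS   (colon listing on stdin)
# Prints one of: missing | revoked | expired | expiring | ok
key_status() {
    awk -F: -v want="$1" -v now="$2" -v margin="$3" '
        # pub/sub records carry validity (field 2) and expiry (field 7)
        $1 == "pub" || $1 == "sub" { validity = $2; expires = $7 }
        # the fpr record that follows names the key those fields belong to;
        # appending "" forces a string compare even for all-digit fingerprints
        $1 == "fpr" && ($10 "") == (want "") {
            found = 1
            if (validity == "r") state = "revoked"
            else if (validity == "e" || (expires != "" && expires + 0 <= now + 0)) state = "expired"
            else if (expires != "" && expires - now < margin * 86400) state = "expiring"
            else state = "ok"
            exit
        }
        END { print (found ? state : "missing") }
    '
}

# Constructed sample listing: fingerprints, key IDs and creation dates are made up.
# 1586908800 is 2020-04-15 00:00 UTC (old key); the new key's expiry is a made-up value.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAA0000AAAA0001:1429056000:1586908800::-:::scSC:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA0001:
uid:u::::1429056000::::Old repository key (constructed)::
pub:u:4096:1:BBBB0000BBBB0002:1583020800:1649980800::-:::scSC:
fpr:::::::::BBBB0000BBBB0000BBBB0000BBBB0000BBBB0002:
uid:u::::1583020800::::New repository key (constructed)::
EOF
}

# Demo: "now" is 2020-04-05 00:00 UTC, warning margin 30 days.
sample_listing | key_status AAAA0000AAAA0000AAAA0000AAAA0000AAAA0001 1586044800 30  # expiring

# On a real host (the fingerprint is a placeholder to fill in):
#   gpg --with-colons --fingerprint | key_status "<FINGERPRINT>" "$(date +%s)" 30
```

Running it across the fleet before the switch shows which machines still lack the new public key, and running it afterwards confirms that nothing still depends on a key about to expire.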