Package Signing Key update guide to reflect the apt-key deprecation and to be consistent

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

There are 3 places in the GitLab documents that explain how to update the package Signing key in each own inconsistent way.
Some still guide to use the apt-key, which has been deprecated due to security concerns.

• https://docs.gitlab.com/ee/update/package/package_troubleshooting.html#error-an-error-occurred-during-the-signature-verification-when-running-apt-get-update

  • Still guides to use the apt-key and no mention about its deprecation.

• https://docs.gitlab.com/omnibus/update/package_signatures.html#update-keys-after-expiry-extension

  • Most appropriate in the three here, IMHO.
  • Still allows keep using apt-key if the current configuration is using it.
  • Only updates gitlab-?e's (not update runner's).

• https://docs.gitlab.com/runner/install/linux-repository.html#deb-based-distributions

  • Guides to use the dpkg-sig, which (might be?) incompatible with the installation script.

Proposal

• Consolidate all guides to (or point to) the current Omnibus's guide except for the apt-key usage part.
• Add a guide to update the Runner's signing key in the above Omnibus way.
• Add a guide to replace the existing apt-key configuration with the signed-by configuration.

Other links/references

related to: #364673 (closed)