WIP: Use proper keyrings directory #163

We've decided that all gpg/asc files for APT go to /etc/apt/trusted.gpg.d, but with APT 2.4 (Debian 12), the proper directory becomes /etc/apt/keyrings

I've added a automatic variables in roles that use this.

I've also added a signed-by option in source.list files for thid-party sources.

From https://manpages.debian.org/testing/apt/apt-key.8.en.html :

Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the Signed-By option in your sources.list and pointing to the filename of the key. See sources.list(5) for details. Since APT 2.4, /etc/apt/keyrings is provided as the recommended location for keys not managed by packages.

In fact, moving to a deb822 format might make this even easier.
It is supported since since apt version 1.1 so it is available (at least) since Debian 8 (jessie).

I've noticed that we almost never update source files outside of Ansible (with the apt_repository module), so we could decide to change all custom source files to this new format, without breaking anything.

 - name: Elastic sources list is available
   apt_repository:
     repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
     repo: "deb [signed-by={{ apt_keyring_dir }}/.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"