
Add Debian endpoint for distribution key

Mathieu Parent requested to merge sathieu/gitlab:debian_key_download into master

What does this MR do and why?

Unlike other repositories, Debian repositories are primarily verified using GPG signatures (and not using https).

Support for this was added in GitLab in several steps (from &6057 (comment 582697034)):

  1. Signed Release files (GPG)
    1. Add Packages::Debian::GenerateDistributionKeyService !53826 (merged)
    2. Debian Group and Project Distribution Keys (schema and model) !60993 (merged)
    3. Add Packages::Debian::SignDistributionService !64926 (merged)
    4. Add signed_file to Debian distributions !66470 (merged)
    5. Plug Packages::Debian::SignDistributionService in GenerateDistributionService !66907 (merged)
    6. Return signature in InRelease and Release.gpg endpoints !67061 (merged)
    7. Add endpoints for public certificate !71716 (merged) 👈

The remaining part is to use the public key client-side to verify the signature. This is the goal of this MR, i.e. item 7.7.

This MR also removes [trusted] from sources.list. From sources.list(5):

Trusted (trusted) is a tri-state value which defaults to APT deciding if a source is considered trusted or if warnings should be raised before e.g. packages are installed from this source. This option can be used to override that decision. The value yes tells APT always to consider this source as trusted, even if it doesn't pass authentication checks. It disables parts of apt-secure(8), and should therefore only be used in a local and trusted context (if at all) as otherwise security is breached. The value no does the opposite, causing the source to be handled as untrusted even if the authentication checks passed successfully. The default value can't be set explicitly.

Actually, I'm not sure there is a real risk, given https is also used, but [trusted] will trigger reactions from the community, and may encourage bad practices.

Edited by Mathieu Parent
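
An added example, not part of the merge request or GitLab's code: a small auditor for one-line-style sources.list entries that classifies each source by the trusted tri-state quoted above and by whether APT's signed-by option pins a key. The sample entries, host names and keyring path are constructed placeholders, and deb822 .sources files are not handled.

```python
import re

# One-line-style entry: type, optional [options], URI, suite.
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

# Constructed sample; hosts, paths and the keyring file are placeholders.
SAMPLE = """\
# weak: this source is accepted even if authentication checks fail
deb [trusted=yes] https://gitlab.example.com/placeholder/debian stable main
# corrected: the Release signature is checked against one pinned key
deb [signed-by=/usr/local/share/keyrings/placeholder.asc] https://gitlab.example.com/placeholder/debian stable main
deb [ arch=amd64 trusted=no ] http://mirror.example.org/debian stable main
deb https://deb.example.org/debian stable main
"""


def parse_options(raw):
    """Turn 'k=v k2=v2' into a dict with lower-cased keys."""
    opts = {}
    for token in (raw or "").split():
        key, sep, value = token.partition("=")
        if sep:
            opts[key.lower()] = value
    return opts


def classify(opts):
    """Map an entry's options to a state; only the documented yes/no are matched."""
    trusted = opts.get("trusted", "").lower()
    if trusted == "yes":
        return "bypass"      # overrides APT's decision, even next to signed-by
    if trusted == "no":
        return "untrusted"   # handled as untrusted even if checks pass
    return "pinned" if opts.get("signed-by") else "default"


def audit(text):
    """Return (line number, URI, state) for every source entry in text."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ENTRY.match(line.split("#", 1)[0].strip())
        if match:
            results.append((lineno, match.group(3), classify(parse_options(match.group(2)))))
    return results


if __name__ == "__main__":
    for lineno, uri, state in audit(SAMPLE):
        print(f"line {lineno}: {state:9} {uri}")
```

Entries reported as bypass are the ones to replace with a signed-by entry that points at the downloaded distribution key.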
