deprecate 'apt-key update' and no-op it in Debian

Debian isn't using 'update' anymore for years and the command is in
direct conflict with our goal of not requiring gnupg anymore, so it
is high time to officially declare this command as deprecated.

cmdline/apt-key.in

@@ -156,6 +156,13 @@ net_update() {
 }
 
 update() {
+    if [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then
+	echo >&2 "Warning: 'apt-key update' is deprecated and should not be used anymore!"
+	if [ -z "$ARCHIVE_KEYRING" ]; then
+	    echo >&2 "Note: In your distribution this command is a no-op and can therefore be removed safely."
+	    exit 0
+	fi
+    fi
     if [ ! -f "$ARCHIVE_KEYRING" ]; then
 	echo >&2 "ERROR: Can't find the archive-keyring"
 	echo >&2 "Is the &keyring-package; package installed?"

doc/apt-key.8.xml

@@ -128,17 +128,21 @@
      </listitem>
      </varlistentry>
 
-     <varlistentry><term><option>update</option></term>
+     <varlistentry><term><option>update</option></term> (deprecated)
      <listitem>
      <para>
-
        Update the local keyring with the archive keyring and remove from
        the local keyring the archive keys which are no longer valid.
        The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
        distribution, e.g. the &keyring-package; package in &keyring-distro;.
-
      </para>
-
+     <para>
+       Note that a distribution does not need to and in fact should not use
+       this command any longer and instead ship keyring files in the
+       <filename>/etc/apt/trusted.gpg</filename> directory directly as this
+       avoids a dependency on <package>gnupg</package> and it is easier to manage
+       keys by simply adding and removing files for maintainers and users alike.
+     </para>
      </listitem>
      </varlistentry>
      
@@ -181,18 +185,6 @@
 
      &file-trustedgpg;
 
-     <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
-     <listitem><para>Local trust database of archive keys.</para></listitem>
-     </varlistentry>
-
-     <varlistentry><term>&keyring-filename;</term>
-     <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem>
-     </varlistentry>
-
-     <varlistentry><term>&keyring-removed-filename;</term>
-     <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem>
-     </varlistentry>
-
    </variablelist>
 
 </refsect1>

vendor/debian/apt-vendor.ent

@@ -1,8 +1,8 @@
 <!-- details about the keys used by the distribution -->
 <!ENTITY keyring-distro "Debian">
 <!ENTITY keyring-package "<package>debian-archive-keyring</package>">
-<!ENTITY keyring-filename "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>">
-<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>">
+<!ENTITY keyring-filename "">
+<!ENTITY keyring-removed-filename "">
 <!ENTITY keyring-master-filename "">
 <!ENTITY keyring-uri "">