repository setup: new GPG repository keys

[mika]

The managed repository no longer works:

Err:1 https://packages.grafana.com/oss/deb stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9E439B102CF3C0C6

See https://grafana.com/blog/2023/01/12/grafana-labs-update-regarding-circleci-security-updates/ and https://packages.grafana.com/:

The GPG key used to sign the APT repository (fingerprint 4E40DDF6D76E284A4A6780E48C8C34C524098CB6)
was rotated on 2023-01-12 and replaced with a new key with fingerprint 0E22EB88E39E12277A7760AE9E439B102CF3C0C6. 

Sadly the provided GPG key file https://apt.grafana.com/gpg.key includes a recovery certificate/signature which seems to break apt-key, so AFAICS it doesn't seem to be a simple key ID update. 😞

[aboks]

They removed the revocation certificate from https://apt.grafana.com/gpg.key (see https://grafana.com/blog/2023/01/12/grafana-labs-update-regarding-circleci-security-updates/#changes-from-original-post), so it seems this can now be fixed by just updating the key ID.

For anyone who wants a workaround, you can apply the following 'monkeypatch' after including the grafana class:

Apt::Source <| title == 'grafana' |> {
  key => {
    'id'     => '0E22EB88E39E12277A7760AE9E439B102CF3C0C6',
    'source' => 'https://apt.grafana.com/gpg.key',
  },
}