do not call 'apt-key update' in apt.postinst

do not call 'apt-key update' in apt.postinst

The debian-archive-keyring package ships trusted.gpg.d fragment files
for a while now and dropped their call to 'apt-key update', so there is
no need for use to call it as the keys will always be available.

This also finally allows a user to remove key(ring)s without APT to
overriding this decision by readding them with this step.

The functionality is kept around in the odd case that an old
debian-archive-keyring package is used which still calls 'apt-key
update' and depends on the import (hence, we also do not enforce a newer
version of the debian-archive-keyring via our dependencies)