Update our OpenPGP keys in 2017

What we’re supposed to do each year:

• Bump the signing key’s expiration date by 1 year.
• Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
• If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
• Create a ticket about updating our OpenPGP keys next year.

To be done at the summit during northern hemisphere summer.

Feature Branch: feature/14483-new-signing-subkeys

Subtasks

• #11749 (closed)
• #14483 (closed)
• #14485 (closed)

Related issues

• Related to #11572 (closed)
• Related to #14484 (closed)
• Blocks #13234 (closed)

Original created by @intrigeri on 11747 (Redmine)