Update our OpenPGP keys in 2018

What we’re supposed to do each year:

Bump the master key’s expiration date by 1 year.
Generate a new signing subkey for each RM, and move it onto new smartcards (the old ones are still needed to keep the previous subkey during the transition period).
If needed, generate and split a revocation certificate for our signing key. See internal.git for details.
Create a ticket about updating our OpenPGP keys next year.

To be done at the summit during northern hemisphere summer.

Feature Branch: bugfix/14484-update-openpgp-signing-key

Original created by @intrigeri on 14484 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information