Use keys.openpgp.org as the default key server

The SKS Keyservers are susceptible to signature flooding (references below)
A lot of PGP software (Enigmail, GPG Suite, Android OpenKeychain) have switched to keys.openpgp.org,
a newly developed key server, which mitigates this bug as well as other privacy concerns with the SKS system.

We should switch to it as well. Because Tails is configured to use an onion key server by default, it is still
using the SKS system, even though Enigmail itself has made switch.

OpenPGP.org provides an Onion Service, which can be used as a drop in replacement for the current one:

hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion

References

https://lists.gnupg.org/pipermail/gnupg-users/2019-June/thread.html#62094
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html

Related issues

Related to #16575 (closed)
Is duplicate of #12689 (closed)

Original created by @blakim on 17090 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information