Code review comment for ~pelpsi/launchpad:create-new-4096-key-for-archives-with-1024-key

Guruprasad (lgp171188) wrote :

> Is this safe to run today? What will happen when the new key is returned to clients before all the old indexes are re-signed?

AFAIK, `archive.getSigningKeyData()` and `archive.signing_key_fingerprint` are the only ones accessed by external clients, and this MP does not change the values returned for these.

So the old key will continue to be returned. This MP just generates a new 4096-bit RSA key and adds it to the `signingkey`, `gpgkey`, and `archivesigningkey` tables (it also adds an `archivesigningkey` entry for the current 1024-bit RSA key) in preparation for us to update the publisher to start dual-signing archives when an archive has 2 keys (a 1024-bit RSA key and a 4096-bit RSA key).

Does this make sense?
