Decide on dev/staging provisioning strategy compatible with securedrop-workstation-keyring

[rocodes]

(Converted to issue from the release checklist)
With securedrop-workstation-keyring providing the yum prod .repo file and release signing key, the dev/staging provisioning will need to be adjusted in order to maintain compatibility with existing make targets.

Ideally, the workstation-keyring package will be solely in charge of the file securedrop-workstation.repo in /etc/yum.repos.d/, and will not be dynamically provisioned with a staging repo config at provisioning time, since that could lead to confusing behaviour: RPM will check that the file is present, but will not overwrite its contents if it is, so the best case is for staging/dev to provision a file with a different name (eg securedrop-workstation-staging.repo), probably removing the prod .repo file so as not to confuse dom0 updates, and additionally importing the staging key into the rpm database.