Disable fwupd-refresh.timer, triggers OSSEC warnings

For various reasons, the timer to run `fwupdmgr refresh` ocassionally
triggers OSSEC alerts, which admins can't do anything about.

We currently don't use fwupd for firmware updates, so the daily refresh
of metadata is useless and should be safe to disable. If in the future
we do want admins to install updates with fwupd, they can run refresh
manually as part of the process.

Fixes #6204.

install_files/securedrop-config-focal/DEBIAN/postinst

@@ -20,6 +20,9 @@ case "$1" in
     cp /opt/securedrop/50unattended-upgrades /etc/apt/apt.conf.d/
     cp /opt/securedrop/reboot-flag /etc/cron.d/
 
+    # Disable fwupd-refresh (#6204)
+    systemctl is-enabled fwupd-refresh.timer && systemctl disable fwupwd-refresh.timer
+
     ;;
     abort-upgrade|abort-remove|abort-deconfigure)
     ;;