@hustcer (Contributor) commented Nov 24, 2025

@github-actions
Script Analysis

  • The changes primarily update the package installation instructions and CI workflow to use the newer /etc/apt/keyrings directory for GPG keys instead of /etc/apt/trusted.gpg.d
  • The modifications include switching from curl to wget for downloading the GPG key
  • Added explicit signed-by parameter in the apt repository configuration
  • Documentation (README.md) has been updated to match the CI workflow changes
  • Added "keyrings" to the spellcheck dictionary

Security Review

  • ✅ Improved security by using the dedicated /etc/apt/keyrings directory instead of the broader trusted.gpg.d
  • ✅ Added explicit key verification with signed-by parameter in apt sources
  • ✅ Using wget -qO- is slightly more secure than curl -fsSL as it's less likely to leak metadata
  • ❗ Consider adding key fingerprint verification for additional security (though not strictly necessary for CI)

Optimization Suggestions

  • ⚡ The wget -qO- command is slightly more efficient than curl -fsSL for this use case
  • 🔄 Consider using Nushell's built-in HTTP commands (http get) instead of external tools for more consistent behavior

Overall Quality: 4
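
The review above suggests key fingerprint verification; one way to do that check is sketched here as an added example, not code from this pull request or the project. The function names, the sample key listing and both fingerprints are constructed placeholders, and `gpg --show-keys` assumes GnuPG 2.1.23 or later.

```shell
#!/bin/sh
# Added example: check an apt repository key against a pinned fingerprint
# before it is placed in /etc/apt/keyrings. All values below are constructed.

# Constructed `gpg --show-keys --with-colons` listing: one primary key, one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::::Example Repo <repo@example.invalid>::::::::::0:
sub:-:4096:1:76543210FEDCBA98:1600000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print primary-key fingerprints from a colon listing on stdin.
# The "fpr" record right after a "pub" record belongs to that primary key;
# the fingerprint is field 10. Subkey fingerprints (after "sub") are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key whose
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Install KEY_FILE ($1) to DEST ($3) only when it matches EXPECTED_FPR ($2).
# A gpg failure yields an empty listing, which is treated as a mismatch.
install_pinned_key() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches "$2" || {
        echo "refusing $1: fingerprint does not match pinned value" >&2
        return 1
    }
    install -D -m 0644 "$1" "$3"
}

# Offline demonstration on the constructed listing (no gpg or network needed).
if printf '%s\n' "$SAMPLE_LISTING" |
        fpr_matches "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"; then
    echo "pinned fingerprint matches"
fi
```

The pinned fingerprint has to come from a channel other than the download itself, and the installed file is then the one named by signed-by in the apt source entry. A file carrying more than one primary key is rejected, so an extra key cannot ride along with the expected one.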

@hustcer hustcer merged commit 3d31156 into main Nov 24, 2025
119 checks passed