fix(tools.func): fix GPG key format detection in setup_deb822_repo

The previous logic using 'file | grep PGP' was inverted — both
ASCII-armored and binary GPG keys matched the pattern, causing
ASCII-armored keys to be copied directly instead of being
dearmored. This resulted in APT failing with NO_PUBKEY errors
on Debian 12 (bookworm).

Use 'grep BEGIN PGP' to reliably detect ASCII-armored keys and
dearmor them, otherwise copy binary keys directly.

misc/tools.func

@@ -1304,17 +1304,17 @@ setup_deb822_repo() {
     return 1
   }
 
-  if file "$tmp_gpg" | grep -qi 'PGP\|GPG\|public key'; then
-    # Already in binary GPG format — copy directly
-    cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || {
-      msg_error "Failed to install GPG key for ${name}"
+  if grep -q "BEGIN PGP" "$tmp_gpg" 2>/dev/null; then
+    # ASCII-armored — dearmor to binary
+    gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || {
+      msg_error "Failed to dearmor GPG key for ${name}"
       rm -f "$tmp_gpg"
       return 1
     }
   else
-    # ASCII-armored — dearmor to binary
-    gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || {
-      msg_error "Failed to dearmor GPG key for ${name}"
+    # Already in binary GPG format — copy directly
+    cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || {
+      msg_error "Failed to install GPG key for ${name}"
       rm -f "$tmp_gpg"
       return 1
     }