Comment 7 for bug 1686183

* the key should be shipped as a key fragment in /usr/share/keyrings/ubuntu-keyring-extended-security-maintainance.gpg

* the shell script should simply copy that key fragment into /etc/apt/trusted.gpg.d/ upon enablement of the ESM repository

* there should not be encoded binary in the shell script, and no need to call apt-key; just a cp.

* the script should check for and install apt-transport-https if missing